The new Broadside botnet is actively infecting video surveillance systems and IoT gateways on commercial vessels. This is reported by experts from Cydome, a company specializing in maritime cybersecurity.
Malware is built on the basis of Mirai code. Its main danger lies in the ability to conduct powerful DDoS attacks and secretly intercept video streams. Infected devices can be used as a foothold for penetrating the navigation systems of ships, posing a direct threat to maritime security.
According to Cydome, the botnet activates a weak password cracking system in VSAT satellite terminals that provide communication on ships at sea. Infiltration occurs automatically when the victim enters the coverage area. After infecting the gateway, the malware scans the local network of the ship, attempting to find vulnerabilities in electronic navigation chart display systems.
Researchers warned that Broadside operators have already begun selling access to infected ship networks on shadow forums. Buyers may include competitors of logistics companies looking to obtain data on routes and cargo, as well as pirates using information about the locations of ships to plan physical attacks in dangerous regions.
