New ATP stops its first cyber security attack before anti-virus companies even register it

GTMaritime says its new Advanced Threat Protection (ATP) is showing great benefits just weeks after launch.

The new security enhancement helped safeguard its customers during a cyber-attack that used a virus no antivirus company yet knew existed.

The sophisticated system, being implemented across all GTMailPlus accounts, stopped a virus in its tracks as it was headed for one of the company's vessels. The technical operations team found that the new ATP software had quarantined the virus because it carried a banned attachment type. If delivered, it could have resulted in mass damage. Because it was not yet registered with anti-virus companies, it would otherwise have been allowed through.

Robert Ball, Technical Operations Manager at UK-based GTMaritime, explained: “Email is nothing new to the maritime industry and neither is the idea of an unwanted email. Malicious code contained in these emails may be used to ‘inject’ information or extract information to be used in other criminal activities.”

After further investigation, another 265 cases of this same message were found to have been blocked by the system. The intended recipients included some of the top 10 market leaders across tankers, container vessels and bulk carriers, as well as many more.

Without appropriate cyber security measures, all businesses are at risk of being targeted. The WannaCry ransomware attack in May this year affected over 400,000 computers in 150 different countries and caused an estimated $1 billion worth of service loss in the following four weeks.

Since 2015, the total loss value as a result of ransomware has increased by a whopping 1,500%.

For the maritime industry, an unrecognised ‘virus’ like this could be detrimental to vessel navigation and to tracking systems at ports and onboard ships, which shows that increased security measures on vessels are fundamental to the smooth running of operations.

Before a virus can be detected, it needs to be ‘known’. Mr Ball explained: “If a file is examined at a binary level and is found to match a signature sequence for a known virus code, the file can be rejected. This works reasonably well, but it relies on the virus being created, then released into ‘the wild’, identified, examined and finally confirmed. After all that, the signature can be distributed to antivirus end users by virus protection agencies.” But what happens before this? That’s where ATP comes in.

He added: “GTMaritime’s attitude to increased network security means the excellence of the ATP system works proactively at a more advanced level to identify any unfamiliar item coming through our servers.

“The virtual machine allows the code to expose itself as if it was in a live environment. All of its actions are closely monitored, logged and reported. Once the code has shown itself as malicious, the ATP software will identify and tag the original email as harmful, before destroying it.”

Standard anti-virus software may not have picked this up, because it was not initially recognised as a virus.