Security Risk by E-mail Whitelist Setting

Dear Customers,

 

Thank you very much for your continued support.

 

We would like to inform you of a security risk caused by setting up a

white list for vessels email.

 

In some cases, vessel email systems are requested to whitelist to

ensure that emails from charterers and affiliated companies.

A whitelisted e-mail address is a system that unconditionally delivers

the e-mail to the vessel without inspecting the attached file contents

or e-mail contents.

Email addresses that have been whitelisted will not be checked for

attachments or email content.

However, please be aware that there have been cases where this

mechanism has caused security problems on vessels.

 

Example 1: A virus email with a spoofed sender was delivered to the ship,

              and since it was a whitelist domain, it slipped through the virus check.

 

Example 2: A user's PC was hijacked by an external attacker, and attack

　　　　     emails were sent to the vessel using the user's PC as a stepping stone.

 

Example 1 is the case of a malicious third party attack, while Example 2

is the case of an accidental attack on a bona fide party, resulting in damage

to the ship due to the whitelist.

 

Unconditional e-mail delivery by white lists is no longer suitable for the

current cyber security era.

 

If you have any questions, please feel free to contact us.

 

Sincerely,