Cyber threats against the maritime industry have increased notably in recent years, highlighting the need for innovative cybersecurity approaches. Ships, as critical assets, possess highly specialized and interconnected network infrastructures, where their legacy systems and operational constraints further exacerbate their vulnerability to cyberattacks. To better understand this evolving threat landscape, we propose the use of cyber-deception techniques and in particular honeynets, as a means to gather valuable insights into ongoing attack campaigns targeting the maritime sector. In this paper we present Salty Seagull, a honeynet conceived to simulate a VSAT system for ships. This environment mimics the operations of a functional VSAT system onboard and, at the same time, enables a user to interact with it through a Web dashboard and a CLI environment. Furthermore, based on existing vulnerabilities, we purposefully integrate them into our system to increase attacker engagement. We exposed our honeynet for 30 days to the Internet to assess its capability and measured the received interaction. Results show that while numerous generic attacks have been attempted, only one curious attacker with knowledge of the nature of the system and its vulnerabilities managed to access it, without however exploring its full potential.

翻译：近年来，针对航运业的网络威胁显著增加，凸显了对创新网络安全方法的迫切需求。船舶作为关键资产，拥有高度专业化且互联互通的网络基础设施，而遗留系统与运营限制进一步加剧了其遭受网络攻击的脆弱性。为深入理解这一不断演变的威胁态势，我们提出运用网络欺骗技术，特别是蜜网，作为收集针对航运业正在进行的攻击活动宝贵情报的手段。本文介绍"咸涩海鸥"——一个专为模拟船舶VSAT系统设计的蜜网。该环境可模拟船上功能型VSAT系统的运行，同时允许用户通过Web仪表盘及命令行界面与之交互。此外，我们基于现有漏洞，有意将其整合到系统中以提升攻击者的参与度。我们将蜜网暴露于互联网30天以评估其能力，并记录交互数据。结果表明，尽管遭遇大量通用攻击，仅有一名了解系统性质及其漏洞的猎奇型攻击者成功访问，但未进一步探索其全部潜力。