HoneyShip: Unveiling Cyber Threats to Maritime VSAT Systems with a High-Interaction Honeypot

The cybersecurity threats targeting the Global Maritime Transportation System (GMTS) have gained significant momentum, considering the number of reported attacks and resulting financial loss. The existing literature comes short when it comes to the understanding of the nature and methods of these threats. This study targets filling this gap by designing and deploying a high-interaction honeypot, HoneyShip, emulating a Very Small Aperture Terminal (VSAT) system to collect real-world attack data. The HoneyShip's design is guided by the insights we gathered from Shodan and verified by Nmap. We utilized Shodan to identify real-world vulnerable VSAT systems and then used Nmap to repeatedly scan them, revealing how long they remain online. We deployed HoneyShip for a month, resulting in logging thousands of unique IP addresses and interactions. Our analysis of the Shodan and HoneyShip data revealed predominantly automated attacks probing for known vulnerabilities, with previously unreported patterns identified. These findings demonstrate the effectiveness of honeypots in providing actionable threat intelligence, which can inform and strengthen maritime cybersecurity defenses.