Are Global Ports the New Frontline for Cyber Attacks?

Dominic Jainy stands at the forefront of the battle against digital threats, blending a deep understanding of emerging tech with infrastructure defense. In our conversation, he dissects the breach of the Adriatic Port Authority, an event serving as a loud wake-up call for the shipping world. We explore the inner workings of the Anubis group, the technical gaps in port security, and the high-stakes financial motivations behind double extortion schemes.

The attack on the Adriatic Port Authority began with a spear-phishing email targeting staff at the management company. How does a simple email escalate into a breach that compromises sensitive cloud environments like Office 365 and Azure?

It is a chilling reminder of how the smallest crack in the door can lead to a total collapse of the house. On December 11, 2025, a single staff member likely received an email that looked perfectly routine, yet it carried the seeds of a massive disruption. Once that initial access was secured, the attackers moved laterally through the network, bypassing the need to even touch operational technology. By focusing on IT weaknesses like insecure cloud accounts managing Office 365 and Azure, the threat actors were able to seize control of the very systems that coordinate the port’s daily life. It is terrifying to think that a few keystrokes from a compromised account can eventually lead to the rerouting of massive cargo vessels and the paralysis of a major maritime hub.

While the authority claimed only 2% of data was lost, reports suggest a much more harrowing scene with rerouted vessels and a staggering ransom demand. What makes the specific types of stolen data—like port safety plans—so dangerous in the hands of criminals?

The raw percentage of data lost, in this case roughly 2%, is often a deceptive metric because it does not account for the “quality” or sensitivity of that information. While the authority managed to preserve much through backups, the material that did reach the dark web—employee records, contracts, and safety plans—is absolute gold for organized crime. Having the blueprints for port security operations allows groups to facilitate smuggling or even recruit insiders by using personal details for leverage. When you combine that with a reported $10 million Bitcoin ransom demand, you realize these attackers are not just looking for a quick payout; they are trying to hold the entire logistical flow of a region hostage. The sight of ships being diverted from Ancona because the digital heartbeat of the port was flatlining shows that the physical world is now entirely at the mercy of the digital one.

Anubis has rapidly evolved into a sophisticated operation since its 2024 debut, utilizing a Ransomware-as-a-Service model. Can you explain how their profit-sharing structure incentivizes such high-stakes attacks across multiple industries?

The Anubis group has turned cybercrime into a highly efficient corporate machine since they launched their affiliate program in February 2025. By offering affiliates 80% of the take for deploying ransomware and 60% for data extortion, they have created an aggressive incentive structure that attracts the most capable hackers. They even offer a 50% cut to initial access brokers, which ensures a steady stream of new victims across sectors like healthcare, construction, and engineering. This model has already boasted earnings of more than $20 million, proving that the double extortion method is tragically effective. It turns the “business” of hacking into a scalable, global enterprise where the developers provide the tools and the affiliates provide the ruthlessness.

The investigation revealed that attackers often exploit unpatched flaws in internet-facing systems. What are the most critical technical gaps you see in maritime IT that allow groups to bypass security without even touching operational technology?

The maritime sector is currently struggling with a thin level of cyber maturity that leaves the door wide open for mass exploitation. We are seeing attackers repeatedly use known vulnerabilities, such as SonicWall VPNs that lack multi-factor authentication or the CitrixBleed 2 flaw. There is also the issue of unpatched systems like the SolarWinds Web Help Desk, where the CVE-2025-26399 vulnerability provides an easy entry point for anyone with the right toolkit. Ports are digitizing at a rapid pace, but their IT infrastructure is often outdated and unable to keep up with the evolving threat landscape. The reliance on Cisco SSL VPNs and other internet-facing systems means that if you are not rigorous about patching, you are essentially inviting groups like Anubis to walk right in.

What is your forecast for the maritime security landscape as ports continue to digitize?

I expect the pressure on maritime infrastructure to deepen significantly as we move toward 2030. As digitization widens the attack surface, the gap between the sophisticated tools used by RaaS groups and the outdated IT found in many ports will become a primary global risk. We will likely see more coordinated hits similar to what happened at Nagoya or with Maersk, where the goal isn’t just data theft, but the total leverage of global supply chains. Unless the sector moves toward a much higher level of cyber maturity—incorporating mandatory multi-factor authentication and real-time vulnerability management—the maritime industry will remain a prime target for high-value extortion.
