The identity and motive of the cyber-attackers who hit DP World last week are not yet known, but media reports suggest sabotage by a ‘foreign state actor’ that has the necessary skills and the motive to undermine Australia’s national security or economic interests.
The attack, being characterized as a ‘cyber incident’ by victim DP World Australia – and still unattributed – appeared to have involved ransomware, but without an accompanying ransom demand.
This raises the question as to whether the disruptor was just testing the vulnerability of the system, perhaps as a kind of ‘dress rehearsal’ for an even more damaging event.
DP World has not released any substantial details about the nature of the attack. The swift shutdown of systems to the point of stopping port operations for several days, however, points to ransomware. None of the ransomware groups known by the AFP to maintain a dark web presence for data extortion purposes have publicly claimed an attack – as of yet.
The timing, scale and impact of the disruption do suggest this was a targeted attack.
It occurred on a Friday night, when most staff were off duty and less likely to notice or respond to the incident. The target was a major port operator that handles a significant share of Australia’s trade and commerce. Such an attack can have serious consequences for Australia’s economy, security and sovereignty.
These incidents highlight the vulnerability of the maritime industry to cyber threats and the need for increased cybersecurity measures.
What’s notable about hitting a major port terminal operator is the extended effect it can have on markets and supply chains. When viewed through the lens of global trade warfare, a shipping supply line, or the ports which enable them, become compelling targets. It emphasizes the interconnected nature of international shipping.
Security research company Semperis expects to see similar attacks on the shipping industry in the USA this holiday season. They say that nine out of ten attacks exploit Active Directory, the core identity system for most organizations. Companies need to monitor for unauthorized changes occurring in their Active Directory environment – which threat actors use in most attacks – and have real time visibility to changes to elevated network accounts and groups.
For a seamless flow of goods, we need to be constantly vigilant of potential threats to our supply chain infrastructure. From this point onwards, Australian port operators need to closely coordinate with government counterparts and industry partners on intelligence sharing and cybersecurity best practices. Cyberthreats evolve so quickly, always being prepared for the latest one is a significant challenge.
Rolling out security awareness training to all employees is a critical part of the process, as the weakest link in an organization’s ecosystem are employees that unsuspectingly click on malicious links.
See our previous related article: Who Was Behind the DP Cyber Attack?
As licensed Customs Brokers and International Freight Forwarders, Colless Young provides a complete range of shipping and allied transport services including connections by road and rail as well as warehousing. We professionally handle all your consignments by sea and air, both import and export, taking care of customs clearance, quarantine treatments and landed costings. With out head office in Brisbane, Colless Young offer logistics facilities through all major Australian ports and airports.