The Maritime Union of Australia (MUA) has called for a federal investigation into the cyber attack which crippled DP World’s four terminals in the country for three days earlier this month, an incident that made headlines around the world.
The union has asked Clare O’Neill, Australia’s home affairs minister, to make sure DP World is “hauled over the coals” for what it claimed in a release was a “completely avoidable supply chain crisis entirely of the company’s own making”.
The vulnerability in DP World’s’ IT systems was well understood and well publicised within the global internet security sector, the union claimed, saying that the Citrix software used at the four terminals had patches available to fix the vulnerability, but they were not applied.
The press release blasted the Dubai terminal operator for what it described as “one of the gravest failures of corporate governance in recent memory”.
“This cyber attack was not a terrible accident but an appalling failure and the managers responsible should be held accountable,” said MUA assistant on national secretary, Adrian Evans.
The union claimed on Sunday that the company has still not briefed its national workforce about the breadth or depth of the data breach or whether sensitive information from payroll or HR records were accessed or extracted.
DP World today confirmed there was reason to believe some of the data accessed could relate to worker information, but the nature and extent of the breach was still unclear.
“We have communicated these early findings to our employees including recommendations for early steps which can be taken in response,” a spokesman told Australian Associated Press, adding: “As our investigation progresses we will be contacting individuals directly as required.”
DP World said it was working closely with multiple government agencies, including the Australian Federal Police, and would continue to provide updates on the progress of the investigation.
“The software DP World uses has been exploited by Russian criminals in other parts of the world over several months. Patches were available but not applied, so the company must be held responsible for this catastrophic failure and the massive sovereign risk in Australia’s supply chains it has exposed us to,” said MUA’s Evans.
Ports have become repeated targets for cyber criminals of late. In July, the Port of Nagoya in Japan was hit by a ransomware attack. Last Christmas, Portugal’s Port of Lisbon was hit by Russian ransomware LockBit, crippling its operations for days. Jawaharlal Nehru Port Trust, India’s busiest container port, also suffered a ransomware attack last year. In April, three Canadian ports were also targeted.
Research published last month found that the maritime industry remains an “easy target” for cyber criminals and that the cost of attacks and demand for ransom payments across the sector have skyrocketed over the past year.
The report, which was produced by law firm HFW and maritime cyber security company CyberOwl, reveals that the average cyberattack in the maritime industry now ends up costing the target organisation $550,000 – up from $182,000 in 2022.
It also shows that demands for ransom have increased by more than 350%, with the average ransom payment now $3.2m – up from $3.1m last year.
