Several Greek shipping companies fell victim to a cyber attack on Halloween over the weekend, resulting in the loss of important files.
The companies affected used the communication systems of Danaos Management Consultants and came in direct contact with the company. Reportedly, the cyber attack blocked their communication with ships, suppliers, agents, charterers and supplies, while at the same time the files with their correspondence were lost.
Danaos Management Consultants sent instructions to its customers, asking them among other things to back up critical files to external hard drives.
The report, first carried by local media title Mononews, has since been confirmed by maritime cyber specialists in touch with Splash today.
Some companies were compelled to use emergency alternatives to reach their ships, such as different emails with some owners suggesting the damage done by the cyber attack could result in lawsuits against Danaos.
“The cyber risk landscape is increasingly complicated by the involvement of organised crime and state actors, cyber exclusion clauses, international sanctions and international regulation. Shipowners and operators now have to navigate this complex landscape in addition to all the other pressures faced by the sector. From a legal perspective, it is critical to thoroughly check the extent and application of cyber insurance cover, cyber provisions in contracts and cyber emergency response procedures. Absence of good cyber house-keeping undermines proper due diligence,” Julian Clark, global senior partner at Ince, told Splash.
Rick Tiene, vice president of cybersecurity experts Mission Secure also told Splash shipowners and operators should implement proactive cyber security defence and that it is important to consider cyber security as part of the maritime infrastructure, rather than a bonus.
“It is not like the movies where you can reactively ‘counter hack’ against an attack. Today’s hacks are most often scripted payloads and once you know you are being hacked, you already have been hacked. So inline intrusion prevention is much more critical than just detection,” Tiene said.