Maersk officials claim the cyber attack that hit it hard across the group’s global operations has been contained and a “technical recovery plan” is now underway, according to its latest update released this morning. All vessels are maneuverable and crews are safe, Maersk stated.
Maersk was one of the largest corporate names to have been hit by the Petya attack yesterday, underlining to shipping the very real threat posed to global supply chains by hackers. While Maersk has been the most high profile victim of yesterday’s attacks, Splash understands other shipping lines were also hit but have kept quiet on the matter.
As well as impacting offices and vessels, the ransomware hit 17 terminals run by APM Terminals across the world, creating some congestion and confusion in leading gateways such as Los Angeles, Rotterdam and Jawaharlal Nehru Port Trust in Mumbai. A number of these terminals were forced to close down yesterday and some have yet to reopen.
The Petya hack comes just weeks after the WannaCry global attack and shipping should now brace for a wave of further cyber attacks.
Law firm Norton Rose Fulbright’s latest annual transport survey, released today, show that 80% of those surveyed believe the coming five years will see cyber crimes increase.
Lars Jensen, founder of CyberKeel, a consultancy aiming to protect shipping companies from being hacked, noted in a post on LinkedIn today that the maritime industry as a whole was still not allocating appropriate resources to fight this growing scourge.
“Over the past 12-18 months, there has been a gradual change in the mindset of the industry, and the prevailing attitude is now a recognition that cyber security may indeed be a genuine threat – however we also find that this recognition in many cases still does not translate into the allocation of appropriate resources to properly investigate the company’s current level of cyber security nor the allocation of proper resources related to sustained heightening of cyber readiness,” Jensen wrote.
Looking at the Maersk attack, Jordan Wylie, founder of the Be Cyber Aware At Sea Campaign, said the perpetrators of the Petya ranswomware were getting more savvy at how to hack to the heart of an organisation.
“Taking out a business’s HQ or a series of port terminals is much more disruptive and damaging to an organisation than taking out a single vessel. Why take out a solider on the battlefield when you can wipe out the whole battalion,” he said.
Whilst awareness is ideal and very much a starting point for the maritime industry, Wylie said detection is a must and without an effective mitigation and response plan, awareness and detection are completely irrelevant.
The Petya ransomware takes over computers and has demanded a $300 payment. The malicious software spreads rapidly across an organisation once a computer is infected using the EternalBlue vulnerability in Microsoft Windows or through two Windows administrative tools. The malware tries one option and if it does not work, it tries the next one. It has a better mechanism for spreading itself than WannaCry.
With Splash getting unconfirmed reports of other shipowners being hit, the industry’s innate secretiveness makes it hard for lines to come together to share best practice in this domain.
“I expect there may be an unwillingness for owners and managers to speak too much in public about the cyber attack on Maersk in particular,” said a leading PR consultant speaking on condition of anonymity. “There is an awareness of not bringing down the evil eye and more to the point not to paint a target on your own back.”
One owner willing to comment was Nick Fisher, the head of Singapore’s Masterbulk, who told Splash today: “It goes to show that the targeting of the maritime industry has moved rapidly from a subject of conference speculation to reality. It highlights that we are all vulnerable irrespective of size or quality of the organisation and that those that don’t already have some kind of policy and contingency plan in place need to take action.”
Nick Brown, marine and offshore director at UK classification society Lloyd’s Register, told Splash today: “Cyber security must be considered with the utmost importance as a fundamental component in the risk profile of critical assets that are connected. As we have unfortunately seen this week, our industry is far from immune to these incidents and the consequences are far reaching. Across the marine and industry, there’s still huge variation in levels of awareness, and preparedness for, the increasing role of cyber technologies. Understanding the level of cyber readiness is the essential first step to identifying, mitigating and managing the risk.”
It is not just the information and communications technology (ICT) that needs to be considered, but also the operational technology (OT) of a vessel and the interdependencies of these systems, Brown observed.
“All systems onboard and – critically – onshore, need to be considered; how they are designed and installed, how they connect, and how they will be managed,” Brown urged.
Rory Macfarlane, a partner at law firm Ince & Co in Hong Kong, who was writing on this topic for Splash 12 days ago, suggested shipping needs to look big picture when it comes to losses made from ransomware attacks.
“To view losses from these attacks purely in terms of ransoms paid is a mistake,” Macfarlane told Splash today. “Losses incurred in terms of business interruption, rectification and reputation will be extensive and will continue to grow as these attacks become more and more common.” The early signs with Petya are that decryption may be problematic for those affected, thereby increasing the potential business interruption losses.
Macfarlane warned cyber-criminals will often maintain a “watching brief” in breached systems for as long as six months after an initial breach, waiting for the most opportune moment to strike in order to maximise their gain.
“It may well be that your business is already more at risk than you would care to think,” he said.