Maersk contains cyber attack, other lines hit

Maersk officials claim the cyber attack that hit it hard across the group’s global operations has been contained and a “technical recovery plan” is now underway, according to its latest update released this morning. All vessels are maneuverable and crews are safe, Maersk stated.

Maersk was one of the largest corporate names to have been hit by the Petya attack yesterday, underlining to shipping the very real threat posed to global supply chains by hackers. While Maersk has been the most high-profile victim of yesterday’s attacks, Splash understands other shipping lines were also hit but have kept quiet on the matter.

As well as impacting offices and vessels, the ransomware hit 17 terminals run by APM Terminals across the world, creating some congestion and confusion in leading gateways such as Los Angeles, Rotterdam and Jawaharlal Nehru Port Trust in Mumbai. A number of these terminals were forced to close down yesterday and some have yet to reopen.

The Petya hack comes just weeks after the WannaCry global attack and shipping should now brace for a wave of further cyber attacks.

Law firm Norton Rose Fulbright’s latest annual transport survey, released today, shows that 80% of those surveyed believe the coming five years will see cyber crimes increase.

Lars Jensen, founder of CyberKeel, a consultancy aiming to protect shipping companies from being hacked, noted in a post on LinkedIn today that the maritime industry as a whole was still not allocating appropriate resources to fight this growing scourge.

“Over the past 12-18 months, there has been a gradual change in the mindset of the industry, and the prevailing attitude is now a recognition that cyber security may indeed be a genuine threat – however we also find that this recognition in many cases still does not translate into the allocation of appropriate resources to properly investigate the company’s current level of cyber security nor the allocation of proper resources related to sustained heightening of cyber readiness,” Jensen wrote.

Looking at the Maersk attack, Jordan Wylie, founder of the Be Cyber Aware At Sea Campaign, said the perpetrators of the Petya ransomware were getting more savvy at how to hack to the heart of an organisation.

“Taking out a business’s HQ or a series of port terminals is much more disruptive and damaging to an organisation than taking out a single vessel. Why take out a soldier on the battlefield when you can wipe out the whole battalion,” he said.

Whilst awareness is ideal and very much a starting point for the maritime industry, Wylie said detection is a must and without an effective mitigation and response plan, awareness and detection are completely irrelevant.

The Petya ransomware takes over computers and has demanded a $300 payment. Once a computer is infected, the malicious software spreads rapidly across an organisation, using the EternalBlue vulnerability in Microsoft Windows or two Windows administrative tools. The malware tries one option and, if it does not work, tries the next one. It has a better mechanism for spreading itself than WannaCry.

With Splash getting unconfirmed reports of other shipowners being hit, the industry’s innate secretiveness makes it hard for lines to come together to share best practice in this domain.

“I expect there may be an unwillingness for owners and managers to speak too much in public about the cyber attack on Maersk in particular,” said a leading PR consultant speaking on condition of anonymity. “There is an awareness of not bringing down the evil eye and more to the point not to paint a target on your own back.”

One owner willing to comment was Nick Fisher, the head of Singapore’s Masterbulk, who told Splash today: “It goes to show that the targeting of the maritime industry has moved rapidly from a subject of conference speculation to reality. It highlights that we are all vulnerable irrespective of size or quality of the organisation and that those that don’t already have some kind of policy and contingency plan in place need to take action.”

Nick Brown, marine and offshore director at UK classification society Lloyd’s Register, told Splash today: “Cyber security must be considered with the utmost importance as a fundamental component in the risk profile of critical assets that are connected. As we have unfortunately seen this week, our industry is far from immune to these incidents and the consequences are far reaching. Across the marine and industry, there’s still huge variation in levels of awareness, and preparedness for, the increasing role of cyber technologies. Understanding the level of cyber readiness is the essential first step to identifying, mitigating and managing the risk.”

It is not just the information and communications technology (ICT) that needs to be considered, but also the operational technology (OT) of a vessel and the interdependencies of these systems, Brown observed.

“All systems onboard and – critically – onshore, need to be considered; how they are designed and installed, how they connect, and how they will be managed,” Brown urged.

Rory Macfarlane, a partner at law firm Ince & Co in Hong Kong, who was writing on this topic for Splash 12 days ago, suggested shipping needs to look big picture when it comes to losses made from ransomware attacks.

“To view losses from these attacks purely in terms of ransoms paid is a mistake,” Macfarlane told Splash today. “Losses incurred in terms of business interruption, rectification and reputation will be extensive and will continue to grow as these attacks become more and more common.” The early signs with Petya are that decryption may be problematic for those affected, thereby increasing the potential business interruption losses.

Macfarlane warned cyber-criminals will often maintain a “watching brief” in breached systems for as long as six months after an initial breach, waiting for the most opportune moment to strike in order to maximise their gain.

“It may well be that your business is already more at risk than you would care to think,” he said.

Sam Chambers

4 Comments

  1. Lee Williamson
    June 28, 2017 at 1:11 pm

    This was not a targeted attack at Maersk alone, let’s not fool anyone to try and generate hype and headlines.

    It was a Cyber accident waiting to happen. Simply by not taking precautions such as patching updates provided by Microsoft could lead to this and many more organizations across many industries were affected yesterday, today and last month by WannaCry.

    By deploying patches in a timely manner, using technologies which combat zero day threats like ransomware which have been commercially available for over two years would have reduced the threat and therein the risk.

    The need to combine technology, with education, policies, procedures not just on an IT level but business level is needed to reduce the threat.

    If you aren’t aware of a risk or how threats combined could affect your operations, how can you expect to mitigate them or be ready to recover in a planned timely manner?

  2. Lars H. Bergqvist
    June 28, 2017 at 2:58 pm

    The simple fact is that it is impossible to take out a vessel.

  3. Jan J Sundberg
    June 29, 2017 at 6:57 am

    It is amusing to see the commotion around some down time in the addictive onliness!
    We need to understand that it does not matter for a ship to be safe if it is offline or online! As long as the engines are running, rudder, prop and magnetic compass are in working order and the hull is intact, all is good onboard! It is hopelessly insane that we even arrive at the belief that anyone on this planet can build something that cannot be infected by a virus or hacked! If something is online, we can corrupt the protocols! The only thing that can be done is to build time-consuming barriers to get an early alert that something is going on. There are actually smarter offline tested protocols to know where the ship is at any given time! It is evident that shipping & logistics chains which need online protocols to function will not work in the future and to that there are also offline tested protocols! We just need to think and open our minds a bit more! The funny thing is that there are no larger profits even if thousands or millions are following a floating and propelled steel box moving from port A to B. I guess we have stumbled into a temporary bubble believing that it is online, data, cyber security which sails the ships! It is not, it is a bunch of certified sailors working together onboard and they could not care less what happens ashore! We can easily sail the ship anywhere with a chronometer, sextant and a compass. If we lose them, we still have the stars and planets to follow and Polaris and the Southern Cross were still in the same place the last time I checked 🙂

  4. G
    June 29, 2017 at 11:33 am

    Just in – that decryption wasn’t even built into this version, no point trying. Point is:

    1) either pay Microsoft
    2) learn to use alternatives where possible
    3) don’t use a computer

    Lesson, I would imagine how burdensome and overimposing is MAERSK’s IT dep’t, and still messed up. The size and ambitiousness of your IT will probably not help much it seems.