• Ransomware attack on COSCO Shipping Lines comes amid vulnerable information security environment

    01 August 2018

    The July 24 IT outage at COSCO Shipping Lines, originating at the Port of Long Beach and later reverberating to COSCO assets in the UK, is indicative of an increasingly vulnerable security environment for the maritime shipping industry as well as supply chains as a whole. The outages, coming a little over a year after the worldwide Petya ransomware incidents that disabled Maersk facilities and cost the company roughly USD 250 million, are deemed to be less potent than the attacks of 2017. Yet due to their rapid propagation, these developments are no less perturbing.

    While COSCO sources indicated that regular port and business operations were functioning as usual, the breach proved deleterious to conventional communications, with the company resorting to out-of-the-box consumer solutions such as Yahoo to keep in touch with clients. The breach also impeded access to the company’s customer-facing site, disabling features such as the automatic bill of lading and container status checks. While the Pier J Terminal at Long Beach was the first to be affected, the breach impacted a critical access point to COSCO’s operations in the Americas. The effects of the ransomware’s presence at COSCO’s UK offices have yet to be determined.

    The impacts on supply chains were gradually felt throughout the course of the week. While shipping schedules were reportedly operating as normal, communications and operations were noticeably impacted. Status updates, customs clearance, booking transmission, data processing, and overall service delivery occurred via e-mail and phone because the local COSCO website had been disabled. As of this writing, e-mail and booking systems are functioning again. The disruption will inevitably create delays and, if left unresolved, can exacerbate congestion and shipping delays.

    Concern about this attack and the security risk for the remainder of this peak shipping season has been raised in Washington. On July 23, the FBI issued a warning about the existence of a planned ransomware campaign, the likes of which have been seen before. The campaign described by the FBI, targeting victims ranging from households to government, impersonates an FBI warning of perceived illicit activity and solicits payment as an alleged fine.

    Corroboration by private sector maritime intelligence actors indicates that in spite of increased awareness after WannaCry, the number of intrusion attempts has increased since. Ransomware is also not the only threat to shipping, as credential phishing campaigns have been reported at the Port of Durban recently. The reverberation of this recent incident onto COSCO’s UK office comes shortly after a warning by Britain’s Government Communications Headquarters’ (GCHQ) National Cyber Security Centre (NCSC) about impending ransomware campaigns against the transportation, engineering, and defense sectors.

    With such developments in progress and warnings from law enforcement and intelligence services of future intrusions to come, it is imperative that those in and reliant on the shipping industry keep abreast of potential threats in order to plan for adverse eventualities. Customers may consider conducting a thorough assessment of transportation chokepoints as well as initiating discussions with suppliers that have access to their firewall to ensure that a robust cyber defense mechanism is in place to prevent the spread of any ransomware.
