Shipping industry hit by multiple cyber attacks

Shipping line CMA CGM and International Maritime Organisation hit by cyber attacks within space of a week as cyber attacks on supply chains become more common

Image by Gerd Altmann from Pixabay

The shipping industry is facing increased threat from cyber attacks, as it faces the reality of two major attacks in the space of a week. CMA CGM reported that it had faced a cyber attacks on Monday 28th September and then was followed by a statement on Thursday from the IMO that it too had been facing a prolonged cyber attack.

CMA CGM was hit through an attack that attempted to identify weaknesses in their peripheral servers, causing it to shut down shut down access to its online services and to redirect customers to alternative channels.

The company said that the attacks was conducted using malware and, according to a report from Lloyd’s List, the cyber incident is a ransomware attack by the “Ragnar Locker gang”. Ransomware attempts to steal critical data or lock down key systems, so that organisations are forced to pay for access or decryption in order to restart services.

CMA CGM, which is the world’s fourth-largest container shipping company, that access did occur and that there has been a data breach.

“We suspect a data breach and are doing everything possible to assess its potential volume and nature,” it said in a statement.

CMA CGM said on Tuesday that its maritime and port operations were functioning normally, adding that the malware attack had not compromised any of its communications.

Like the CMA CGM incident, the IMO was forced to shut down access to its intranet and its website following a sophisticated cyber attack to prevent further damage

The IMO said that the primary issues lay with their website, www.imo.org, and that it had restored a it had restored a number of services at the time of writing, including its Global Integrated Shipping Information System (GISIS) database, and a spokesperson said that internal and external emails continued to work.

At the point this article was published, the website remained offline.

“The interruption of service was caused by a sophisticated cyber attack against the organization’s IT systems that overcame robust security measures in place. IMO IT technicians shut down key systems to prevent further damage from the attack,” it said in a statement, adding it was “enhancing systems to prevent recurrence”.

It is unclear how access was gained at this stage or who was behind it, but initial analysis suggests older programs run on the IMO website may have been the point of entry.  

These attacks are just the latest in a longer term trend of attacks on shipping companies, with MSC reporting an attack earlier this year, and Maersk facing an attack so severe that Wired reported that its data was only saved by an unconnected server.

comments powered by Disqus