It’s not just federal elections that are under threat. All four major shipping companies have been hit with cyber-attacks in the past four years. The entire industry is disrupted and rattled with every attack. From billion-dollar businesses to mom-and-pop stores, the ripples are felt across continents and on the other side of the sea. Even governments feel the pinch. Addressing cybersecurity for maritime shipping is an issue everyone needs to be aware of.
The Big Four Attacked
In 2017, APM-Maersk fell prey to a NonPetya campaign that brought down IT systems and operational controls across the board. The ransomware attack required a complete infrastructure overhaul and caused losses close to $300 million due to serious business interruption.
COSCO was brought down for weeks by ransomware in July 2018. The cyber-attack compromised the carrier’s ability to communicate with its vessels, customers, vendors, and marine terminals.
Mediterranean Shipping Company was hit by an unnamed malware strain in April 2020. The cyber-attack was confined to the company’s headquarters in Geneva and brought down its data center for days. It’s still up for debate on the financial cost of the cyber-attack for MSC.
In September, CMA CGM’s branches in Shanghai, Shenzhen, and Guangzhou were taken down by the Ragnar Locker ransomware. CMA CGM was forced to cut all external access to prevent the malware from spreading, disrupting its entire worldwide shipping container booking system.
“They’re Coming To Get You, Barbara”
It’s not that shipping companies are more vulnerable than other industries; it’s that they are more brutally exposed to the effects of ransomware.
There is no other industry sector where ‘the Big Four’ have suffered major cyber-attacks one after the other like this. None of these attacks were the same, but they show a preferred target: the maritime shipping industry. After the ‘successful disruption’ and financial costs of the AMP-Maersk attack in 2017, criminals realized the weight of their threats/ransoms in bringing a critical industry down. And so, they kept them coming.
Cyber-Attacks Go #Viral
International shipping is not an isolated industry. It touches coasts, ocean currents, and pretty much every major trade, industry, and economy on the planet.
It’s a dated stat, but 90% of the world’s goods are transported by ship. Some countries have an even higher percentage. Australia, for example, relies on transportation by ship for 99% of all its goods. 99%! If ocean freight is attacked, people, industries, and governments can also fall victim. There’s a reason why Navies across the globe all have an ever-evolving Maritime Trade Warfare plan. It’s a BIG deal.
01111001 01000001 01010010 (‘Yar!’ In Binary)
It’s true that the Big Four’s systems have been hacked by cyber pirate groups in the past looking for ship manifests, container ID numbers, and ship sea routes. All so they can organize attacks, board ships, and steal containers transporting high-value goods like electronics and jewelry. However, these attacks are much less disruptive, less common, or nowhere nearly as lucrative as ransomware attacks.
Despite all the efforts to protect ships from external hacking, the maritime industry has failed to treat its shore-based systems with the same level of attention.
Yeah, No Ship.
Ship hacking incidents may make the best headlines, but it’s not the ships that are usually attacked in the major incidents. It’s the attacks on a shipping company’s shore-based systems and their container booking applications that cause the most damage.
These are the systems that manage personnel, receive emails, manage ships, and are used to book container transports. Snoozefest! There is nothing particularly different from these systems compared to any other IT systems sitting inside other industry verticals. It may seem boring, but if you can’t book a container, there’s no point in having the ship.
And that’s how cybercriminals leverage their ransomware when attacking the Big Four.
Cyber Secure?
These threats reinforce shippers’ needs for cargo insurance. We at CargoTrans are here to help guide and advise on issues regarding insurance. As stated above, there’s more at stake when an ocean freight carrier is attacked than any other attack on other industries.
Carriers, from the Big Four to smaller, regional ones, are falling victim to cyber-attack. Our industry needs an upgrade to protect against hacking, malware, and other forms of cyber attack. It is needed to protect the continuous function of our entire industry, to protect you, and the shippers whose businesses depend upon it.
If you have concerns or questions on how this could affect your shipping plans, please reach out to our expert team. We are happy and ready to help.
