With the latest cyber attack on a major French shipping firm, hackers have now hit all of the world’s four largest shipping companies with cyber attacks, targeting what they see as one of the most prized industries.
The news comes after hackers targeted French company CMA CGM with a ransomware attack that saw threat actors encrypt the company’s system – which included its booking facility – until a ransom was paid to those responsible for the cyber attack.
The shipping company said in a statement that “CMA CGM is currently dealing with a cyber-attack impacting peripheral servers… as soon as the security breach was detected, external access to applications was interrupted to prevent the malware from spreading.”
The cyber attack has impacted two of CMA CGM’s Asia-Pacific-based subsidiaries, with its booking system disabled by hackers. The company has the fourth-largest fleet in the world, with more than 500 vessels.
The latest cyber attack brings the total number of successful cyber attacks on the world’s largest shipping companies to four in the past three years. ZDNet is reporting that APM-Maersk was hit in 2017 by a ransomware attack that took down the company’s network for a month-long period, while an attack earlier this year on the Mediterranean Shipping Company brought its data center to a close for days. Finally, a 2018 ransomware attack on COSCO saw it unable to operate for a total of four weeks.
- APM-Maersk suffers Ransomware Attack in 2017
- COSCO targeted by ransomware attack in 2018
- Mediterranean Shipping Company hit by malware in 2020
- CMA CGM hit by ransomware attack in 2020
Get Your Free ISO 27001 Gap Analysis Checklist
The most recent attack on CMA CGM saw hackers take down the company’s booking system after a ransomware attack launched against its Shanghai, Shenzhen and Guangzhou implanted Ragnar Locker ransomware that effectively locks up the company’s system until a ransom is paid to hackers, usually in the form of bitcoin.
Ken Munro, who works as a security researcher with Pen Test Partners, conducts a number of different cybersecurity tests for firms in the maritime industry says shipping companies are more likely to pay the demands of a hacker due to the critical nature of their systems.
He told ZDNet that “I’m not so sure it’s that they’re any more or less vulnerable than other industries… it’s that they are brutally exposed to the impact of ransomware.”
“After Maersk was hit by the NotPetya crypter, I believe criminals realised the opportunity to bring a critical industry down, so payment of a ransom was perhaps more likely than other industries.”
The number of cyber attacks launched against the maritime, shipping and logistics industries has increased in recent years, with reports of malware being implanted into a vessel’s IT system, which can spread to a company’s entire network infrastructure.
In response, the maritime industry has published two separate cyber security guidelines for companies operating in the space; the first of which you can read here, and the second here.
Security researchers have pointed out that while it’s imperative to maintain the integrity of a vessel’s onboard systems, ultimately this effort can be undone by hackers targeting data centres and headquarters of the companies back on the land. Physical offices and data centers provide a much more attractive means of entry into a company’s network, researchers say.
ZDNet’s report states that “these systems have often been hacked by sea pirate groups looking for ship manifests, container ID numbers, and ship sea routes so they can organise attacks, board ships and steal containers transporting high-value goods like electronics and jewelry.”