Cyber attack on COSCO Shipping not confined to North America

JULY 26, 2018 — The ransomware cyber attack on COSCO Shipping Lines is apparently not confined to the container shipping operator’s North American operations, as it indicated yesterday.

An update issued by COSCO today makes it clear that what it describes as a “network security problem” affects its operations in the Americas as a whole.

In today’s update, COSCO Shipping Lines says:

After the network security problem in the Americas has been detected, to protect the interests of our customers, we have taken proactive measures to isolate internal networks to carry out technical inspections on global scale. With the reliable confirmation from the technical experts that the networks in all other regions are secure, the network applications were recovered at 16:00 (Beijing Time) on 25th July in all the regions except the Americas. As of now, all the business operations have been back to normal in the regions with network recovered.

Meanwhile, we are trying best to investigate and fix the network problem in the Americas, and it is expected that the network applications will be gradually back to normal soon. We have started contingency plans, such as transfer of operations and conducting operation via remote access, to ensure continuous service in the Americas. During the network failure period, there could be delays in service response in the Americas, and we are expecting your kind understanding.

It is our core value to protect customers’ interests and guarantee network security. Therefore, all the service and communication channels we are now providing are safe and secure. Please rest assured it is safe to keep contact with us via our website, emails, EDI or CargoSmart.

The line also issued an FAQ on the problem that you can download HERE

NAVAL DOME CEO COMMENTS

While COSCO line seems to be trying to soft pedal the extent of its problems, Itai Sela, CEO of Israel based maritime cyber security firm Naval Dome, calls the attack “very worrying indeed.”

“While COSCO shut down its connections as a precautionary measure,” says Sela,” we have to emphasize that ships are not islands, they are not self-contained units. This is a mistaken belief. Shore- and ship-operations are cyber-connected.

“If shore-based and ship-based IT systems are linked, it could open a gateway to the COSCO ships, leaving them highly susceptible to an attack. Vessels do not need to be attacked directly but an attack can arrive via the company’s shore-based IT systems and very easily penetrate the ships’ critical OT systems.

“Although COSCO has been quick to respond to this hack, the virus may have been dormant for some time, so I would not be surprised if other systems – shore- and ship-based systems – have been breached.

“This kind of attack could spread through the entire fleet and its consequences might be devastating, and certainly costly, especially in terms of insurance. We strongly recommend to whoever discovered the attack, to thoroughly verify the breach has been contained and has not infected any ships in the COSCO fleet.

“This cyber attack, like the Maersk attacks last year, will no doubt send shockwaves throughout the industry and encourage board members to take immediate, effective protection. Regulators need to implement workable rules and guidelines to help this vitally important global industry defend itself properly.”