A cyberattack carried out this week by unknown assailants on DP World Australia, an international firm specializing in cargo logistics and port operations, marks the second incident directed at global critical infrastructure during November.
DP World Australia’s operations at four of the largest ports in Australia, in Sydney, Melbourne, Brisbane and Fremantle, were crippled when the attack forced the port operator to close the terminals.
The attack on the port operator comes on the heels of a cyber assault on the Industrial and Commercial Bank of China. That the two major attacks occurred so close to one another may not point to the same operatives as much as it suggests that cyberattackers are increasingly targeting critical infrastructure operations, including transportation, energy and finance.
In a statement provided to Bleeping Computer, DP World Australia suggested its data breach may still be met with an extortion demand from the hackers with the looming threat of data access and exfiltration. But so far no mention of ransom has been made and no data has been leaked.
“A key line of inquiry in this ongoing investigation is the nature of data access and data theft,” reads the media statement. “DP World Australia appreciates this development may cause concern for some stakeholders […and] is working hard to assess whether any personal information has been impacted, and has taken proactive steps to engage the Office of the Australian Information Commissioner” (via Bleeping Computer).
At this point, no known ransomware group has taken responsibility for the attack.
Port Sails Toward Recovery of Operations
DP World Australia’s operations are being restored gradually, four days following the cyber strike, according to the port operator. The ports’ reopening comes after “successful tests of key systems overnight,” DP World Australia said in a statement, adding that about 5,000 containers would begin to move out of its four locations.
“The ongoing investigation and response to protect networks and systems may cause some necessary, temporary disruptions to their services in the coming days,” DP World Australia said. “This is a part of an investigation process and resuming normal logistical operations at this scale.”
The estimated damages are in the millions of dollars, as many of the stranded containers hold time-sensitive goods, reports said. No official damage amount has been acknowledged by DP Australia.
The attack on the Dubai-headquartered DP World Australia caused movement of some 30,000 shipping containers to come to a standstill as stockpiling took over available storage space. The port manages nearly 70 million containers annually and 40% of goods that come in and out of Australia.
Putting Port Attack into Perspective
Security experts weighed in on the DP World Australia cyberattack.
Dave Ratner, HYAS chief executive, said that attacks on critical infrastructure do more than just steal data.
"They have the potential for economic and consumer impacts, up to and including life-impacting ones," he said. "It's why implementing operational resiliency is so important. No longer is it sufficient to try and prevent all attacks. Organizations must have the appropriate level of visibility and resiliency to identify and stop breaches before damage of any kind ensues."
To prevent future breaches, international firms should implement a “low-code security automation platform [that] allows full visibility into IT environments through real-time data collection, creating a more efficient and comprehensive response,” according to Nick Tausek, lead security automation architect at Swimlane.