Australians getting ready for Christmas this week had reason to believe even the best of preparations were not enough after a cyberattack hit all its major ports.
DP World, which operates container ports in Australia and the region, first detected problems last Friday so unplugged its systems to minimise the impact while it examined what had happened.
While operations resumed at the ports Monday , the cause is still unclear and the incident continues to be investigated.
With responsibility for about 40% of freight movement at Australian ports, and a significant 10% of global trade through its international operations, the attack disrupted the flow of goods coming from ports DP World operates.
Deliveries of import items such as videogames, air-conditioners, furniture and pharmaceuticals were held up.
As well, Australian exports of goods including processed meat, dairy products and fruits, all with limited shelf life, were delayed.
Why this cyber attack is significant While DP World seems to be recovering, the incident highlights the potential vulnerability of global networks.
Supply chains rely on fully integrated solutions, from sellers overseas to buyers in Australia, to work efficiently.Information technology is embedded into them through equipment automation and data processing.Product visibility, customs clearance and checks for biosecurity risks rely on cargo information detailing where goods come from, who is responsible for them and their trading value.
With sensitive data linked to the movement of containers, it is no wonder logistics professionals recognise cybersecurity as a major threat to operations – not to mention their obligations under the Security of Critical Infrastructure Act .
If there is still no certainty of the specific nature of the incident with DP World, there are few likely causes.
Ransomware has been on the rise, with incidents aligned to prolific cyber-criminal gangs including REVil and more recently LockBit.
In an attack, data is usually extracted from an organisation and then rendered inaccessible to users – typically using encryption.The organisation will usually receive a ransom demand to “unlock” the data, often payable using a crypto-currency.
In recent years the trend of double-extortion has become common, where the criminals incentivise their victims to pay by threatening to release the data publicly if they refuse.
While refusal is a possibility, the nature of the disruption could mean a loss of access to critical systems and information.
If data is inaccessible, operations would need to be halted, leading to even greater losses.
Recovering systems would require restoration from backups and a thorough inspection for any traces of the original infection or compromise.Finally, checks would be needed to ensure no data had been lost and to identify any missing consignment data after the previous backup had taken place.
Read more: Major cyberattack on Australian ports suggests sabotage by a ‘foreign state actor’
If the incident is a direct cyber-attack that infiltrated systems and stole or modified data, this would also require a complete system shutdown.Without the integrity of systems, consignment data cannot be trusted and the Australian Border Force would be unable to verify the content of shipments.
There would also be issues with the collection of duties, taxes and fees.
The real risk behind this attack is what it could mean for Australia’s shipping reputation.Dean Lewins/AAP Disconnecting DP World from networks allowed the investigating team to inspect systems to look for impacted systems and to evaluate the depth of any infection.This process also needs to consider the original infection mechanism – you don’t want the systems re-infected.
The timing could have been worse The cyberattack caused the ports operated by DP World to start filling up with containers, but it had not yet become critical.
While Black Friday, Cyber Monday and Christmas are an extra busy time for retailers, there is usually a marginal increase in movement compared to other times of the year, typically less than 10%.
With around 1.4 million containers to be moved in the last three months of the year, the impact of losing a few days should be minimal..
