Maersk ransomware attack has potential to disrupt 'tens of thousands' of shippers, warns analyst


©Andrew McAlpine
The cyber attack on Maersk has the potential to throw global container supply chains into chaos, according to Lars Jensen, chief executive of maritime cyber security firm CyberKeel.
Mr Jensen told delegates at the TOC Europe Container Supply Chain conference in Amsterdam today that the attack is likely to spread well beyond Maersk, its terminal operating arm APM Terminals, and its customers.
According to his calculations, Maersk’s shipping lines – Maersk Line itself, Safmarine, Seago, MCC Transport and Sealand – book 3,300 teu every hour, representing some $2.7m in revenue per hour.
At the point of writing that equated to at least some 82,500 teu and revenues of $67.5m – a combination of shipments caught up in ports and on vessels, and likely lost bookings.
“But there are other shipping lines that have boxes on board Maersk vessels – these will not be able to be unloaded; other lines use APM Terminals’ facilities; and even the third party terminals that are unaffected may well have piles of boxes on their facilities that will unable to be cleared,” Mr Jensen said.
The number of shippers affected could amount to the tens of thousands.
“If this goes on much longer they will start to be trying to book with other lines – but guess what, the shippers I spoke to today are being told by other carriers that we have entered the peak season and there’s no space on vessels,” he said.
One forwarder, however, told The Loadstar that due to the attack he was hopeful of getting space on a Maersk ship next month – at a good rate –  that might otherwise have been booked. But another said it was a “serious issue”.
Mr Jensen said the attack illustrated the inherent digital weakness of the shipping industry.
“By no way does this imply that Maersk had insufficient security – if someone wants to hack you they will find a way.
“What it does mean is that shipping needs to build resilience into its digital products- it’s not about building a system and laying a security system over the top, but building security up front when you begin to develop a system, which I’m afraid is likely to cost more,” he said.

Maersk booking and port operations hit by cyber attack as hackers demand ransom

© Mopic cyber attack
© Mopic
Maersk Line is today unable to take bookings following yesterday’s Petya ransomware cyber attack, in what has been called “shipping’s Y2K moment”.
While all vessel operations will continue, making “the majority” of port calls, the shipping line says it has “shut down” IT and communications infrastructure as a security measure.
Maersk said: “Access to most ports is not impacted, however some APM Terminals are affected and gates are closed. Cargo in transit will be offloaded as planned.  Import cargo will be released to credit customers.”
Petya is thought to have disrupted 17 of APMT’s terminals, including Los Angeles, Rotterdam and Jawaharlal Nehru Port Trust in Mumbai, leading to some confusion and congestion. APMT was unavailable for comment.
TNT Express is also said to be a victim, suffering some warehouse operation issues.
Fear of cyber attacks has grown recently in the logistics industry. It rose to sixth on the list of the World Economic Forum’s Global Risks Report 2017, after entering the list in 2014.
Jody Cleworth, CEO of blockchain-based forwarder Marine Transport International, said: “We are facing our Y2K moment. It shows that legacy systems are outdated and simply no longer fit for purpose.”
One of the particular problems for the supply chain is the large number of stakeholders involved – just one weak link can open them up to attack.
However, this threat can be eliminated by using blockchain, a global distributed ledger, currently being examined by Maersk.
“It is open to anyone, where anything of value like money, containers, bills of lading, location and routing information, are stored and managed securely and privately,” Martyn Walker, of Agility Sciences, told The Loadstar.
“Trust is established through mass collaboration and code, rather than by powerful intermediaries like governments, banks and corporations.
“A Trojan attack like this would not have had any impact. Blockchain runs in a sterile environment. The only way to get data in is through the chain – but an attack wouldn’t work, and it would also leave clues for forensic scientists.”
Lars Jensen, CEO of SeaIntelligence Consulting and CyberKeel, warned the industry of the threat last year.
“The industry is in very poor shape when it comes to cyber security. It needs awareness among senior management – this is not an IT issue. Firewalls and anti-virus software will not keep out dedicated attacks. If you think you haven’t been hacked – you are wrong.”
Meanwhile Maersk partner MSC felt obliged to put its own note out to customers, reassuring them that all its systems and business operations are working normally.
It said it was offering “full support” to Maersk and they were “working together to find other means to transmit data between the two companies. This includes information such as vessel bayplans, load lists, and customs information”.
It added: “If necessary, the 2M partners are prepared to divert ships from terminals which are not currently operating as a result of the attack.”
Mr Jensen also warned ports and terminals that they were likely to be in the vanguard of cyber attacks. Yesterday, he posted a blog noting: “We have specifically warned repeatedly against the likelihood of ransomware (and similar) attacks.
“A key component in the cyber defence for such attacks is having a solid plan for re-installing everything from back-up; something outlined as early as our white paper in 2014 about creating a maritime cyber-resilient organisation. How quickly Maersk will get back online is unknown.”
Mr Jensen revealed that Maersk Line generated a revenue stream of some $5.9m an hour – in 20 hours it would have potentially have “lost” $118m. But, he added: “This does not mean that Maersk has lost this level of business, it is likely a number of customers will simply postpone their bookings for a little while. But the keyword is “a little while”.
And he warned that the industry as a whole should take the issue seriously.
“Our general take on the state of the maritime industry is that cyber defenses are quite low and systems are easily breached (although positive exceptions do happen).
“Over the past 12-18 months, there has been a gradual change in the mindset of the industry, and the prevailing attitude is now a recognition that cyber security may indeed be a genuine threat.
“However, we also find that this recognition, in many cases, still does not translate into the allocation of appropriate resources to properly investigate a company’s current level of cyber security, or the allocation of proper resources related to sustained heightening of cyber readiness.”
The Petya attack began in Ukraine, with major impacts in Russia and Poland and, according to Wired, is designed to spread with speed.
The hackers have demanded a $300 bitcoin payment – however, the email client being used, German firm Posteo,  has closed the address listed so payments cannot be made.
Other major companies affected are pharmaceutical company Merck, and Russian oil giant Rosneft.


Comments