Australia Struggles to Restart Port Operations After Cyberattack

DP World Plc struggled to restore operations at its ports in Australia after a cyberattack forced a mass closure, prompting government crisis meetings over the weekend and leaving tens of thousands of containers stranded ahead of the year-end holiday season.

Article content

(Bloomberg) — DP World Plc struggled to restore operations at its ports in Australia after a cyberattack forced a mass closure, prompting government crisis meetings over the weekend and leaving tens of thousands of containers stranded ahead of the year-end holiday season.

Interruptions at four of the nation’s largest ports are expected to continue for several more days as DP World’s IT system remained disconnected from the internet since the hack on Friday, the government said Sunday. DP World Australia hasn’t received a ransom demand and doesn’t know which organization is responsible, the Australian Financial Review cited a top company official as saying.

Advertisement 2

Article content

Article content

DP World, one of the world’s largest port operators, is the latest victim in a string of devastating, high-profile cyberattacks globally this year. Last week, Industrial & Commercial Bank of China Ltd. — the world’s biggest lender by assets — was struck by a ransomware attack that blocked some Treasury market trades from clearing and forced brokers to reroute transactions. 

As more ports automate and move away from paper documentation, hackers pose a growing problem to the region’s shipping networks. Ransomware hackers install malware on their victims’ systems, holding them hostage until they receive payment. It wasn’t immediately clear whether ransomware was behind the attack on DP World.

“This incident is a reminder of the serious risk that cyber attacks pose to our country, and to vital infrastructure we all rely on,” Home Affairs Minister Clare O’Neil said Sunday on X, estimating DP World manages almost 40% of goods flowing in and out of Australia. “Managing cyber incidents of this kind is incredibly complex.”

Australia’s ports are critical to its economy, with the nation moving 98% of its trade by sea, according to Ports Australia, a leading industry body. A lot of what Australians use on a daily basis — from computers to clothes and medicine are imported — while the country is a key agriculture, energy and mining exporter.

Article content

Advertisement 3

Article content

Police are investigating the cyberattack. DP World is combing through its servers to find out where hackers may have been, the data they may have looked at or and moved, and if they left any malicious software, the Australian Financial Review reported, citing Nicolaj Noes who oversees the Oceania business.

Noes told the paper there was a possibility that alarms raised by the firm’s monitoring software gave it time to shut down its systems before data was stolen or locked up. 

The disruptions at ports in Sydney, Melbourne, Brisbane and Fremantle also comes as the company is embroiled in an on-going strike by the Maritime Union of Australia over wages and better work conditions. 

DP World said early Sunday that it has made “significant progress” in re-establishing freight operations, as teams tested key systems that are crucial for the resumption of normal operations and regular movement.

The company is collaborating with other ports and terminal operators to facilitate the flow of some freight, and working closely with the government and other stakeholders “to identify and retrieve sensitive inbound freight,” it said.

Advertisement 4

Article content

The government is assessing and developing its “understanding of the flow on impacts to Australia’s logistics system,” National Cybersecurity Coordinator Darren Goldie wrote on X. Goldie convened the National Coordination Mechanism over the weekend to bring together government agencies and maritime and logistics sectors as part of the response to the incident.

“While I understand there is interest in determining who may be responsible for the cyber incident, our primary focus at this time remains on resolving the incident and supporting DP World to restore their operations” and recommence cargo shipments, Goldie said.

The various agencies and departments “will work with DP World to ensure that government and industry stakeholders have appropriate situational awareness necessary to support the management of any disruption to Australia’s supply chains,” he said.

This isn’t the first time hackers have targeted major ports. In July, Japan’s biggest maritime port was hit by the notorious hacking gang Lockbit, a ransomware group with Russian ties that was also behind this week’s ICBC attack. A month earlier, several Dutch ports including Amsterdam and Groningen faced distributed-denial-of-service attacks, known as DDoS. 

In 2021, South Africa’s port and rail company was struck by a ransomware attack that forced it to declare force majeure at container terminals and switch to the manual processing of cargo. 

—With assistance from Karen Leigh and Sharon Klyne.

Article content

Comments

Postmedia is committed to maintaining a lively but civil forum for discussion and encourage all readers to share their views on our articles. Comments may take up to an hour for moderation before appearing on the site. We ask you to keep your comments relevant and respectful. We have enabled email notifications—you will now receive an email if you receive a reply to your comment, there is an update to a comment thread you follow or if a user you follow comments. Visit our Community Guidelines for more information and details on how to adjust your email settings.

AustraliacyberattackOperationsPortRestartStruggles
Comments (0)
Add Comment