Systems managing the transfer of containers within the ports were compromised, and whether data has been accessed or indeed stolen is yet to be established. The company announced that it quickly disconnected its system from internet activity, ceasing unauthorised access to its network.
Speculation has already raised concerns that a broader supply shortage of goods could impact the economy, adding to further inflationary pressures. The prices of goods could rise, and the RBA may be forced to consider further interest rate hikes. These potentialities demonstrate how significant such an attack on Australia’s ocean borne trade sector can be for the economy. In truth, the costs will take some time to tally up.
For the time being, there has been no call for ransom. But outside of espionage, the most likely scenario for attacks of this nature is ransomware. Such attacks currently outline the majority of the costs associated with global cyber incidents. Programs like North Korea’s 2017 WannaCry attack can disable a company’s operating system, exfiltrate customer and company data, and hold organisations for ransom or delete data. In fact, WannaCry has lasted much longer than anticipated for the very reason that companies to this day still have not patched a Window systems flaw exploited by a stolen U.S. National Security Agency program called EternalBlue.
In the cyber lexicon, Common Vulnerabilities and Exposures are high on the list of challenges for states. In other words, corrupting programs often exploit systems within widely used open-source software applications or work within existing software flaws. Organisations in the value chain that don’t comply to strict cyber protocols can pass on malware and other infected code to other organisations creating a chain of vulnerabilities and incidents.
In maritime cyberattacks, statistics suggest that exposed software challenges make up the majority of cyber security incidents. These include exposed shipping company /carrier IT systems (25 percent), exposed IT systems belonging to sub-contractors, shipyards, service providers and others (18 percent), and exposed port IT systems (14 percent). About 10 percent account for espionage.
Other cyber incidents across ports more specifically highlight the role played by ransomware in cyber-attacks, with recent examples including the 2020 attacks against Kennewick port in Washington State and Langsten port in Norway. Still, others have been subject to cyber-force majeures – attacks such as those against four major ports in South Africa in July 2021 that completely disabled computer systems, making them unusable.
The global state of cyber insecurity
Cyber vulnerability begins in often small spaces, where malicious actors trawl for weak points. National cyber threat reports in New Zealand, for instance, outline that vulnerability scanning – an automated process that looks for vulnerabilities – is the second most common cyber incident. Once a vulnerability is found, the data is often stored or sold on the dark web. A determined actor can then use that vulnerability to install ransomware that can then take a system hostage.
In a pure destructive malware incident like the 2017 NotPetya attack, data can be wiped, and multiple organisations and downstream businesses can be infected causing billions in damage, as well as broader systems failure, some including to hospitals and banks. NotPetya is a good example of Russian cyberwarfare, a term that is increasingly finding use in cyber analyses.
Data from the Centre for Strategic and International Studies (CSIS) illustrates that nationally significant cyber incidents – that is, state actions, espionage, and cyberattacks with losses amounting to over US$1 million dollars – are occurring almost on a daily basis. Between September and August this year, 37 significant cyber incidents were tracked across the world. Most of these were state-sponsored, meaning that activities could be tracked to locations within sovereign territories. One ransomware attack wiped four months of Sri Lankan government data. In another, “Russian hackers stole thousands of documents from the British Ministry of Defense and uploaded them to the dark web.”
State-sponsored actors have the highest level of sophistication and know-how, and often significant resources. Their aims tend to be espionage and intellectual property theft, but just as often can be destruction. As the competition between autocratic and democratic governments increase, state-sponsored actor attacks, either implicitly accepted or explicitly employed by the states, will increase. Across the 104 major cyber incidents monitored by the CSIS across the year (January – September), Russia was implicated 36 times, the People’s Republic of China 17, Iran nine, and North Korea eight. The list is not exhaustive, and many cyber incidents from Russia are directed toward the Ukraine and the Baltics. But the significance is clear, a lack of collective commitment and capability will continue to embolden actors to undertake destructive attacks, like the DW World Australian incident.
The upcoming release of the 2023–2030 Australian Cyber Security Strategy will require a strong international component to engage like-minded nations to meet the threat of internationally located cyber threat actors. This is expected, although the details are yet unclear. Nations cannot respond alone, and current domestic-focus, response-oriented frameworks are not fit for purpose.