Four major ports in Australia resumed operation on Monday after a weekend of cyber-induced downtime.
The incident afflicted DP World, a Dubai-based international shipping and logistics company that operates ports in Sydney, Melbourne, Brisbane, and Fremantle. Speaking with ABC Radio Australia on Monday, Clare O’Neil, the country’s cybersecurity and home affairs minister, drove home the impact of the attack, claiming that the company is responsible for approximately 40% of all freight into and out of the continent.
“To me, what’s unique about this target is the outsized effect it can have on markets and supply chains,” says Casey Ellis, founder and chief strategy officer at Bugcrowd. “When viewed through the lens of global trade warfare, a shipping supply line, or the ports which enable them, become a pretty compelling target.”
Disruption at Australian Ports
The incident first came to light on Friday, DP World noted in a media statement.
While the exact nature of the attack has not yet been publicized, the statement did note that “a key line of inquiry in this ongoing investigation is the nature of data access and data theft.”
Some experts have speculated that ransomware was involved. On Mastodon, cyber-threat researcher Kevin Beaumont added fuel to the claim, linking the intrusion with Citrix Bleed, a vulnerability in Citrix NetScaler devices given a 7.5 “High” severity rating by the National Institute of Standards and Technology. Dark Reading has reached out to Beaumont for further detail but had not yet received a reply as of posting.
By contrast, “a source close to DP World” told the Sydney Morning Herald that the incident did not involve ransomware. It did involve “unauthorized access,” at least, according to one cyber analyst interviewed by Australia’s Today Show.
In general, Bugcrowd’s Ellis explains, “ports have the same systemic weaknesses that are common to many critical infrastructure verticals. This includes legacy technology, a prioritized focus on availability, and the simple fact that they aren’t the first thing that springs to mind when one thinks about critical infrastructure cybersecurity when compared to power, water, and so on.”
To stem the attack, the logistics company shut down its local systems through the weekend. As a result, the Financial Review reported, somewhere in the range of 30,000 shipping containers were stuck in port by Sunday.
It didn’t entirely cripple the shipping industry, though. “DP World cranes continue to load and unload ships at Fremantle; the cybersecurity incident has only impacted its landside operations, specifically trucks entering and leaving its laydown area. Ship movements are at this time unaffected,” a spokesperson at Fremantle told the Australian media, adding that another company operating at the same port continued its operations uninterrupted.
Supply Chain Concerns Continue
By late Sunday night Eastern time, Monday afternoon in the Far East, DP World Australia returned to normal function.
Still, the country’s national cybersecurity coordinator Darren Goldie warned on X, née Twitter, that “although port operations have resumed, it does not mean that this incident has concluded,” referencing ongoing remediation and supply chain concerns.