Cyber Attack on CMA CGM Spotlights Alarming Problem in International Shipping


CMA CGM Hydra

Cyber attack is back in international shipping news this week, as CMA CGM became the latest major ocean freight carrier to fall victim to this disturbing trend.

All the Top Ocean Carriers Getting Attacked with Ransomware

Regular readers of Universal Cargo’s blog may remember us posting about the world’s largest ocean carrier by capacity, Maersk, getting hit by cyber attack a few years back. Maersk, however, is not the only major ocean freight carrier that has recently been hit by a serious and disruptive cyber attack. Catalin Cimpanu outlines in an article for Zero Day Net that all four of the world’s largest ocean carriers have now recently been hit by cyber attack:

  1. APM-Maersk – taken down for weeks by the NotPetya ransomware/wiper in 2017.
  2. Mediterranean Shipping Company – hit in April 2020 by an unnamed malware strain that brought down its data center for days.
  3. COSCO – brought down for weeks by ransomware in July 2018.

On top of these, we also have CMA CGM, which today took down its worldwide shipping container booking system after its Chinese branches in Shanghai, Shenzhen, and Guangzhou were hit by the Ragnar Locker ransomware.

Cimpanu’s article is particularly interesting in that it points out how the shipping industry stands out when it comes to cyber attack.

This marks for a unique case study, as there is no other industry sector where the Big Four have suffered major cyber-attacks one after the other like this.

But while all these incidents are different, they show a preferential targeting of the maritime shipping industry.

“After Maersk was hit by the NotPetya crypter, I believe criminals realized the opportunity to bring a critical industry down, so payment of a ransom was perhaps more likely than other industries,” [Ken Munro, a security researcher at Pen Test Partners, a UK cyber-security company that conducts penetration testing for the maritime sector,] said.

Details About Cyber Attack on CMA CGM

The cyber attack on CMA CGM reportedly took place Monday. Today, on Thursday, the home page of the shipping company’s main website still prominently displays a block to inform customers that its eCommerce websites are temporarily unavailable.

CMA CGM website's cyber attack info block

It’s not surprising the block doesn’t actually mention cyber attack. Obviously, falling victim to cyber attack is not something CMA CGM would want to advertise. In fact, the carrier reportedly denied this was a cyber attack initially. However, the company soon confirmed it was a cyber attack, and a Lloyd’s List article shares more specifics about what CMA CGM is dealing with:

The cyber attack was launched using Ragnar Locker, a data encryption malware that has affected companies elsewhere. It is similar to an incident involving Portuguese energy firm EDP Renewables earlier this year.

In an email sent on Sunday and seen by Lloyd’s List (below), the hacker requested the French carrier to contact it within two days “via live chat and pay for the special decryption key”.

The Lloyd’s List article even included the below image of the ransom notice CMA CGM received from the criminals responsible for this attack.

CMA CGM ransom letter


CMA CGM did share publicly that it was hit by cyber attack. On Monday, CMA CGM published a news release:

The CMA CGM Group (excluding CEVA Logistics) is currently dealing with a cyber-attack impacting peripheral servers.

As soon as the security breach was detected, external access to applications was interrupted to prevent the malware from spreading.

Our teams are fully mobilized and access to our information systems is gradually resuming.

The CMA CGM network remains available to the Group’s customers for all booking and operation requests.

An investigation is underway, conducted by our internal experts and by independent experts.

A new communication will be issued at the end of the day.

Yesterday, CMA CGM posted the following update:

The CMA CGM Group continues to be fully mobilized to restore all its information systems.

Since the cyberattack, we have maintained our electronic booking solutions via INTTRA and via a manual form.

Today, the back-offices (Shared Services Centers) are gradually being reconnected to the network thus improving the bookings’ and documentation’s processing times.

We suspect a data breach and are doing everything possible to assess its potential volume and nature.

Our technical teams, alongside independent experts, are continuing the investigation.

Updates will be provided regularly as the situation evolves.

Quick Conclusion

It turns out the post Universal Cargo published on Tuesday titled Reasons Why Supply Chain Risk Management Is More Important Than Ever Before was even more apt than we realized when we accepted the guest article submission. Cyber security, not surprisingly, was even one of the supply chain risks that came up in the article.

Of course, the international shipping industry is not merely a giant industry on its own, but the vast majority of industries and economies around the world depend upon it. It’s an old stat, but 90% of the world’s goods are transported by ship. That means when an ocean freight carrier is attacked, many outside of the industry can potentially also fall victim.

Obviously, this reinforces shippers’ need for cargo insurance, but it makes the target on the international shipping industry’s back larger. There’s more at stake when an ocean freight carrier is attacked than there typically would be when a large company in another industry is attacked.

Carrier after carrier, and the largest ones in the industry at that, falling victim to cyber attack makes it clear this industry needs an upgrade in protection against hacking, malware, and other forms of cyber attack to protect itself and you, the shippers whose businesses depend upon it.
