DP World Cyberattack Blocks Thousands of Containers in Ports

Cyber Security Threat Summary:
International logistics firm DP World Australia announced that a cyber attack has severely disrupted it’s regular freight movement in multiple Australian ports. DP World specialized in cargo logistics, port terminal operations, maritime services, and free trade zones, they have an annual revenue of over $10 billion. In total, the firm operates 82 marine and inland terminals in 40 countries, handles 70 million containers annually carried by 70,000 vessels, and manages roughly 10% of all global container traffic. DP World has the largest presence in Australia, handling over 40% of the nation’s container trade.

Last Friday, the company issued a statement disclosing that they were impacted by a cyber attack on Friday, November 10th, which disrupted landside freight operations at its ports. In response, the company activated its emergency plans and engaged with cybersecurity experts to overcome problems caused by the incident. It is currently testing key systems required to resume normal business operations. Since Friday, roughly 30,000 shipping containers of varying importance have been unable to operate.

Security Officer Comments:
The estimated damages are in the millions of dollars, as many of the stranded containers hold time-sensitive goods such as blood plasma, wagyu beef, and lobsters. Media statements mention the possibility of data access and exfiltration, which paired with the ceasing of operations could point to a ransomware event.

We have not seen a listing for DP World on any of the ransomware leak sites, but the operators often attempt to exploit victims for a ransom before publicly listing or releasing data.