Several of Australia’s largest ports have experienced a significant cyberattack, resulting in delays and congestion. The breach, detected by port operator DP World, impacted critical systems used for coordinating shipping activity. As a precautionary measure, DP World shut down access to their port networks to prevent further unauthorized access. While containers can still be unloaded from ships, trucks transporting the containers cannot enter or exit the terminals until the full extent of the breach is known. Media reports suggest that cargo could be stranded at the ports for several days.
The Australian Federal Police and the Australian Cyber Security Centre are currently investigating the source and nature of the attack. The timing, scale, and impact of the disruption indicate that this was a targeted attack. The incident occurred on a Friday night when most staff were off duty, making it less likely to be noticed or responded to immediately. The target, a major port operator responsible for a significant portion of Australia’s trade and commerce, suggests that the attack may have been carried out by a foreign state actor attempting to undermine national security or economic interests.
Similar cyberattacks on ports and shipping have become more common in recent years, highlighting the vulnerability of the maritime industry to cyber threats. The attack on DP World may have taken advantage of vulnerabilities in their system or gained access through phishing emails or malicious links. To prevent future attacks, continuous monitoring of networks, prompt installation of security updates, and keeping critical systems separated are crucial. Additionally, dedicated cybersecurity personnel, employee training, and incident response plans are essential for improving preparedness. Close coordination with government counterparts and industry partners on intelligence sharing and cybersecurity best practices is also necessary. The incident serves as a reminder that cyber resilience must be a top priority for maintaining a seamless flow of goods in supply chain infrastructure.
“We will provide further updates as they become available.”
DP World had not patched a vulnerability in one of its IT systems that Russian hackers were exploiting before it detected the intrusion last Friday, according to screenshots seen by The Australian Financial Review.
In response to the breach, the company shut down its systems, resulting in the crippling of about 40 per cent of the country’s import and export capacity because trucks could not collect containers from DP World facilities. It has since restarted operations.
Cybersecurity Minister Clare O’Neil and the Australian Cyber Security Centre have warned businesses to urgently update Citrix systems that are being exploited on an industrial scale by the Russian cybercrime group LockBit and its affiliates.
Vaughan Shanks, chief executive of Australian cybersecurity software company Cydarm, said LockBit had found a vulnerability in a system called Citrix Netscaler, which companies use to deploy applications online. LockBit, which makes ransomware that it then sells to other criminal groups, had then scoured the internet to fund unpatched systems.