Business Maverick

Business Maverick

DP World faces 30,000 container pileup after Australia cyber hit

DP World faces 30,000 container pileup after Australia cyber hit
Shipping containers and gantry cranes at Tianjin port in Tianjin, China, on Friday, June 30, 2023. (Photo: Qilai Shen/Bloomberg)

DP World Plc is struggling to work through a backlog of 30,000 shipping containers piled up at ports across Australia as the company resumes operations after a cyberattack.

Friday’s hack on DP World, one of the world’s largest port operators, triggered a company shutdown at the eastern ports of Melbourne, Sydney and Brisbane and at Fremantle in the west. While operations partially resumed on Monday, the investigation into the attack as well as measures to protect the network could disrupt services for days, DP World said in a statement.

The company expects to shift 5,000 containers out of the four ports on Monday, less than a quarter of the typical daily volume nationwide, a spokesman said. With local strikes also hitting DP World in coming days, it may be next week before normal activity resumes in Australia, the spokesman said.

DP World manages almost 40% of goods flowing in and out of Australia, exposing the country to widespread economic and commercial fallout from an attack on a single entity. The maritime trade giant is the latest victim in a string of high-profile cyber attacks this year. Industrial & Commercial Bank of China — the world’s biggest lender by assets — was recently struck by a ransomware attack that blocked some Treasury market trades from clearing.

As more ports automate and move away from paper documentation, hackers pose a growing threat to the region’s shipping networks. Ransomware hackers install malware on victims’ systems, holding them hostage until they receive payment.

With DP World struggling to get back on its feet, Australian Home Affairs and Cyber Security Minister Clare O’Neil said the government plans to force businesses to report any ransom incident, demand or payment. Authorities will also provide a guidebook to help companies prepare and deal with ransom demands, she said. 

DP World hasn’t received a ransom demand connected to the latest attack and doesn’t know which organization is responsible, the Australian Financial Review cited a top company official as saying.

Ransomware is the most disruptive cyber threat in the world today.

That’s why today we’re announcing the Albanese Government will work with industry to break the ransomware business model of the thugs and criminals behind it, and choke off their avenues of attack.

— Clare O’Neil MP (@ClareONeilMP) November 12, 2023

In an update to importers and exporters earlier on Monday, the Freight & Trade Alliance industry body said there was still disruption at DP World’s Australian ports. According to the update, DP World was restricting exports at Melbourne. It also warned of “unforeseen service impacts” in Sydney and changes or limits to truck access at Fremantle.

“DP World Australia’s investigation and ongoing remediation work are likely to continue for some time,” the company said in its statement.

This isn’t the first time hackers have targeted major ports. In July, Japan’s biggest maritime port was hit by the notorious hacking gang Lockbit, a ransomware group with Russian ties that was also behind this week’s ICBC attack. A month earlier, several Dutch ports including Amsterdam and Groningen faced distributed-denial-of-service attacks, known as DDoS. 

In 2021, South Africa’s port and rail company was struck by a ransomware attack that forced it to declare force majeure at container terminals and switch to the manual processing of cargo. 

Australia’s ports are critical to its economy, with the nation moving 98% of its trade by sea, according to Ports Australia, a leading industry body. A lot of what Australians use on a daily basis — from computers to clothes and medicine are imported — while the country is a key agriculture, energy and mining exporter.

Police are investigating the cyberattack. DP World is combing through its servers to find out where hackers may have been, the data they may have looked at or and moved, and if they left any malicious software, the AFR reported, citing Nicolaj Noes, who oversees the Oceania business.

Noes told the paper there was a possibility that alarms raised by the firm’s monitoring software gave it time to shut down its systems before data was stolen or locked up. 


Comments - Please in order to comment.

Please peer review 3 community comments before your comment can be posted

[%% img-description %%]

The Spy Bill: An autocratic roadmap to State Capture 2.0

Join Heidi Swart in conversation with Anton Harber and Marianne Merten as they discuss a concerning push to pass a controversial “Spy Bill” into law by May 2024. Tues 5 Dec at 12pm, live, online and free of charge.

A South African Hero: You

There’s a 99.8% chance that this isn’t for you. Only 0.2% of our readers have responded to this call for action.

Those 0.2% of our readers are our hidden heroes, who are fuelling our work and impacting the lives of every South African in doing so. They’re the people who contribute to keep Daily Maverick free for all, including you.

The equation is quite simple: the more members we have, the more reporting and investigations we can do, and the greater the impact on the country.

Be part of that 0.2%. Be a Maverick. Be a Maverick Insider.

Support Daily Maverick→
Payment options