Cyber attack immobilises major Australian ports

A timeline of the DP World hack so far

The attack happened on Friday, 10 November, leading the UAE-owned stevedore to take its systems offline for three days. During the outage, DP World swiftly began working with other operators to get freight moving at the ports. However, due to customs regulations, there were a variety of challenges for directing ships to collect containers already at its docks.

DP World’s Oceania business head, Nicolaj Noes, acknowledged the difficulty in estimating the financial impact of the stalled containers. The disruption led to a near-capacity pile-up of containers on docks, severely limiting storage space. The delays in container movement impacted a variety of industries, from retail to critical industrial operations.

The Australian Federal Police and Australian Cybersecurity Centre are investigating the breach. Government officials, including Infrastructure Minister Catherine King and Home Affairs Minister Clare O’Neil, have been briefed.

The cyber incident at DP World is serious and ongoing.

DP World manages almost 40% of the goods flowing in and out of our country, and this incident is affecting the ports of Melbourne, Fremantle, Botany and Brisbane.

— Clare O’Neil MP (@ClareONeilMP) November 12, 2023

Is data being held ransom?

The short answer is that we don’t know for sure. According to the few details we do have, no ransom demand has been made.

Australian authorities, including Cybersecurity Coordinator Air Marshal Darren Goldie, advise against paying ransoms.  And Australia recently joined a forty-country pledge to never pay ransoms to cybercriminals.

Knock-on effects on supply chains and goods

As of 14 November, DP World Australia says its systems are already back online. Further, retail and supermarket chains have reassured that Christmas stock is unaffected, since most have their inventory already in the country. However, the attack underscores the vulnerability of supply chains, the interconnected nature of security, and the need for more resilient defences.

DP World’s crisis management efforts are under scrutiny, especially in the wake of previous mishandling of similar situations by other companies. The incident has sparked a broader discussion about the need for more container ports in Australia and the necessity of regulatory responses to ensure supply chain stability. Calls are being made to waive penalty fees for delayed container movements, highlighting the cascading costs down the supply chain that contribute to inflationary pressures.

The stevedore has confirmed it has cyber insurance, although it’s worth noting that standalone cyber insurance does not always fully cover an incident’s costs.

Risks for finance professionals

We don’t know yet whether any stolen data will be disseminated, but any sort of data breach can add fuel to various cybercrime tactics and scams.

Previously, we’ve taken a look at how malicious actors use stolen data to more effectively scam finance and accounts payable (AP) employees. Cybercriminals can use stolen data to make tactics like social engineering and business email compromise (BEC) attacks more effective. Even if your own data wasn’t caught in a breach, your team could be targeted using other people’s data.