
Blockchain would have prevented Maersk cyber attack

Fri 30 Jun 2017 by Martyn Wingrove

Maersk Line’s logistics IT systems were impacted by the cyber attack

Blockchain technology would have saved shipping from this week’s Petya cyber attack that crippled the logistics IT systems of Maersk Group. The irony is that AP Moller-Maersk’s container shipping arm, Maersk Line, has recently begun working with IBM to implement blockchain technology.

As Marine Electronics & Communications reported on 29 June, Maersk had resorted to contingency measures, including the INTTRA booking platform for container ship freight booking. This was because the Petya malware attacked the Danish company’s legacy IT systems.

Maersk said it was collaborating with IT experts, including national cyber-crime agencies, to recover its IT systems. By the beginning of 30 June, most of its systems were recovered and operations were close to what they had been before the cyber attack.

This would not have been necessary had Maersk completed its shift from its existing electronic data interchange (EDI) to a blockchain-enabled platform, according to TrustMe managing director Antony Abell. “The current ransomware attack on Maersk would not have taken place. This event is another piece of evidence that industrial companies must move faster to keep their systems secure in the face of evolving cyber threats,” he said.

Marine Transport International Ltd chief executive Jody Cleworth explained that legacy systems in the industry were vulnerable to attack and that other companies are affected when hacking is successful. Many stakeholders outside the group rely on Maersk’s IT systems working correctly.

“Shippers are now left dismayed as they wait for Maersk to provide contingencies and some will need to seek alternative lines to carry their freight,” said Mr Cleworth. One issue is that malware can migrate between IT networks. “Just one weak link can open them up to attack,” he added.

“We are seeing more shipping firms make the move towards blockchain, vastly increasing their process security. This is because blockchains run in a sterile environment. The only way to get data in is through the chain – an attack cannot work.”

Maersk Line is working with IBM on a blockchain solution based on the Hyperledger Fabric. It is collaborating with a network of shippers, freight forwarders, ocean carriers, ports and customs authorities to build the new global trade digitisation solution. This was expected to go into production later this year.

If Maersk had this system operating it would have been protected from Petya malware. It could also have avoided the attack by applying Microsoft security updates and patching software, according to cyber security expert John Boles of cyber security group Navigant. He explained to MEC the importance of reducing the vulnerability of server message blocks through updates.

The cyber security risks were revealed to the Danish shipping industry, including Maersk, in March in a report by Danish Defence Intelligence. The Danish Maritime Authority has also warned shipping about the threats. Its special advisor, Erik Tvedt, recently told Riviera Maritime Media that shipping needed to take cyber risk management seriously. Cyber risk management is now being adopted by IMO as part of the ISM Code.

Shipping companies, including Maersk Group, could face major losses from business disruption due to cyber attacks such as the latest Petya ransomware attack. The financial impact could be severe.


Destructive malware

The latest cyber attack on Maersk was most likely to have been destructive wiper malware, according to the EC Council. It was disguised as ransomware and designed to destroy data so that it could not be recovered, the EC Council told ethical hackers, including those from class society DNV GL.

The email address used to clear the ransom payments was no longer valid by 29 June. Therefore, EC Council and DNV GL concluded that the cyber breach was not likely to be a ransomware attack. According to the EC Council briefing: “Close reading of the code shows there is no way for data to be recovered – only destroyed.”

DNV GL said that among the proposed standard precautions to protect an organisation’s cyber-physical systems was to install a simple kill switch by creating a perfc.dat file in windir directories and denying permission to write to it. This would prevent the creation of the perfc.dat file that is normally created by the malware during the infection phase.
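One way to apply and audit the perfc.dat precaution described above, as an added PowerShell example that is not DNV GL or EC Council code. The function names are assumptions made for illustration; the file name and the windir location are taken from the article, and the script must run from an elevated prompt.

```powershell
# Added example, not DNV GL or EC Council code. Run from an elevated PowerShell prompt.
# Assumption: function names are illustrative; perfc.dat and %windir% come from the article.

function Test-PerfcVaccine {
    param([string]$Directory = $env:windir, [string]$FileName = 'perfc.dat')
    $path = Join-Path $Directory $FileName
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { return $false }
    # Look for an explicit deny rule that covers writing data to the file.
    $write = [System.Security.AccessControl.FileSystemRights]::WriteData
    $denyRules = (Get-Acl -LiteralPath $path).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and (($_.FileSystemRights -band $write) -eq $write)
    }
    return ([bool]$denyRules -and (Get-Item -LiteralPath $path).IsReadOnly)
}

function Set-PerfcVaccine {
    param([string]$Directory = $env:windir, [string]$FileName = 'perfc.dat')
    $path = Join-Path $Directory $FileName
    # Idempotent: nothing to do if the placeholder is already locked down.
    if (Test-PerfcVaccine -Directory $Directory -FileName $FileName) { return $path }

    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # The malware itself creates this file, so one we did not place deserves a look.
        if ((Get-Item -LiteralPath $path).Length -gt 0) {
            Write-Warning "$path already exists and is not empty; investigate before trusting it."
        }
    } else {
        New-Item -ItemType File -Path $path | Out-Null
    }

    # Set read-only first: the deny rule below also blocks attribute changes.
    Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true

    # Deny write and delete to Everyone (well-known SID S-1-1-0, locale independent).
    $everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    $rights   = [System.Security.AccessControl.FileSystemRights]'Write, Delete'
    $deny     = [System.Security.AccessControl.AccessControlType]::Deny
    $rule     = New-Object System.Security.AccessControl.FileSystemAccessRule($everyone, $rights, $deny)
    $acl = Get-Acl -LiteralPath $path
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $path -AclObject $acl
    return $path
}
```

`Set-PerfcVaccine` is meant to be run once per host, and `Test-PerfcVaccine` can then be called from a compliance check to confirm the placeholder is still present and protected.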

The EC Council also recommended that organisations using the Windows SMB server install Microsoft security update MS17-010, update antivirus software, disable automatic reboots and prevent local admin privileges for normal user operations.
