Maersk Group should have avoided being affected by the latest cyber attack by applying Microsoft security updates and patching software, according to a cyber security expert.
One of the world’s largest shipowners, offshore infrastructure and port terminal operators was a victim of a global cyber attack on 27 June.
The Petya cyber attack infected Maersk’s IT systems, affecting multiple business units and APM Terminals, which had to shut down ports. AP Moller-Maersk was one of the victims of a global cyber attack that affected the Ukraine Government and many businesses in different industries.
However, John Boles, a former assistant director of US Federal Bureau of Investigation’s international operations, said the attacks could have been avoided by applying Microsoft security updates. Mr Boles is now director of global legal technology solutions with cyber security group Navigant.
He said the latest attack was a form of ransomware that uses a server message block (SMB) vulnerability, just like WannaCry, which infected multiple business and authority networks in May. “Once the infection has begun, the malware scans the network for other vulnerable devices and infects them,” Mr Boles told Marine Electronics & Communications.
He added: “This infection could have been avoided by applying the Microsoft security update that addressed the SMB vulnerability. With WannaCry, the patch was issued before the outbreak began. Companies who patched and updated were protected.”
Patches to software were also available for new variants of ransomware. “Fixes for the SMB vulnerability were available. Microsoft even released patches for its out-of-service operating systems after WannaCry.”
Because there were several variants of WannaCry coming out, Mr Boles said companies should not have been taken by surprise and been infected. He explained that there were other methods of avoiding ransomware such as training personnel, improving email security protocols and conducting regular data back-ups.
“Even if a company did not patch, performing regular back-ups of data and isolating those back-ups from the internet would at least make it possible to reload company data and continue business operations, while minimising the data loss.”
International risk management company MAST’s cyber security consultant Ian Hirst explained that the Petya cyber attack emanated from the Ukraine with malicious software embedded in an accounting program.
“The ransomware used exploits the EternalBlue vulnerability in Microsoft-based platforms. Although a patch was released in March to protect systems from the infection, it appears some companies have not updated their systems despite the catastrophic consequences of leaving these updates unchecked,” Mr Hirst explained.
These types of attack have far-reaching repercussions and are preventable through the application of robust information security governance and assurance. Mr Hirst explained: “There are also some basic steps companies should carry out in the event of a cyber attack. It is very important that companies do not pay the ransom as it is likely the email address used by the attackers has been disabled.
“Secondly, companies should try to interrupt the boot cycle before the encryption software loads, then format drives and reinstall from a known uncorrupted back-up. Lastly, companies should ensure all platforms are patched and antivirus is kept up-to-date. These simple steps will ensure an attack is completely preventable in the future.”
The financial impact of this latest Petya ransomware attack could be severe for companies affected, said Ince & Co Hong Kong partner Rory Macfarlane. He explained that the cost is far more than just the ransom and the time to clear the damage could be longer than previous attacks.
“Losses incurred in terms of business interruption, rectification and reputation will be extensive and will continue to grow as these attacks become more and more common,” he told MEC.
“The early signs with Petya are that decryption may be problematic for those affected, thereby increasing the potential business interruption losses. The best form of defence remains a proactive approach to minimising the risk of successful cyber-breach,” Mr Macfarlane said.
This requires more than just changes in technology. “It requires a change in behaviour on the part of executives and chief technology officers across the industry. Significant improvements can be made for a modest investment.”
Abatis chief executive Kerry Davies said cyber security technology that prevents malware from executing any actions would have prevented the attack from affecting Maersk systems. The long-term impact could be on global commerce and loss of shipments. “The world’s commerce was thrown into disarray when a new ransomware variant hit ships, ports, airports, banks, oil companies and a host of other industries that rely on their mission-computer equipment for survival,” he said.
“The Petya cyber ransomware attack is already spreading across the world quicker than the WannaCry outbreak that so badly affected a host of organisations worldwide in May,” he added. “Shipping companies and ports affected by this latest ransomware attack will doubtless suffer huge financial losses. Customers will be inconvenienced at the very least and some will decide in the future not to use shipping companies that have been affected.”