Security - BIMCO Bulletin


SECURITY December 2019 Maersk: what cyber attacks look like today and whats coming By Mette Kronholm Frnde, Communications Manager and Editor at BIMCO Now, we are seeing a much more structured and organised threat than ever before, often state sponsored Cyber attacks sponsored by state nations, blackmail and the targeting of operational technology for hijacking the cyber security threat has changed significantly since one of the most extensive attacks ever launched hit A.P. Moller-Maersk one afternoon, nearly two and a half years ago, costing the group a reported USD 250 million. The groups Chief Information Security Officer, Andy Powell, tells the Bulletin what the threats look like today and what is coming. Andy Powell, Chief Information Security Officer, A.P. Moller-Maersk It has been estimated many times that the release of the malware named NotPetya on 27 June 2017 resulted in total global damages of more than USD 10 billion. That day, the worm spread beyond Ukraine to public institutions in the US, small companies in Tasmania and multinational companies in Europe and beyond. It also spread to A.P. Moller-Maersk. Funding, training and tools from state nations While NotPetya caused tremendous damage, the threat has changed, and is today far more structured, according to Andy Powell, who heads cyber security across the A.P. Moller-Maersk group and functions. As a result, he says, companies must change their approach to the cyber threat accordingly. The change in threat is very big. In the past, it was small groups of criminals launching cyber attacks on companies. Now, we are seeing a much more structured and organised threat than ever before, often state sponsored. What we are seeing is much bigger players helping criminals with the weaponry, the training and a lot of the tools to undertake the tasks, Andy Powell explains. It is worrying for the industry because companies have been used to isolated attacks by criminals, and now, the threats are very structured and well-resourced. This is not the petty attacks of two years ago. While the attackers are still largely criminal organisations, their objective has changed. Powell says the aim of smaller cyber criminals a few years ago was always to get money. Today, smaller cyber criminals are often used by larger organised gangs to do the hard work for them, harvest the result and then use it to launch bigger and more structured attacks on companies. Instead of just going for money, the criminals now focus on stealing credentials, finding ways of getting into a company to access vulnerabilities with the aim of selling the information on to larger organisations with much bigger plans. Is hijacking a future possibility? A second trend in the cyber attack landscape that Powell observes as being on the rise is the targeting of operational technologies, as opposed to the traditional IT. Today, almost everything has a computer in it, says Powell even our fridges. Manufacturing equipment and engines have monitoring devices attached to see how they are performing and are transmitting that data into the companys network. This is a potential vulnerability. Even small companies are now using operational technology in significant amounts to monitor remotely the efficiency of their equipment. The threat in the future will evolve and grow and we should all prepare for it The threats are very structured and wellresourced. This is not the petty attacks of two years ago If a criminal accessed a plant or engine and in the very unlikely event disrupted a system, many companies have good backups and good manual reversion techniques to stop it, but the threat in the future will evolve and grow and we should all prepare for it, he says. Blackmail on the rise A third threat developing beyond the traditional methods and aims, says Powell, is an increase in ransomware more simply known as blackmail. Ransomware usually comes in two forms: either as we know something about you and we will not tell anyone if you pay or as we have the information and means to shut your system down, but we will not shut it down, or we have shut it down and we will unlock it, if you pay us a ransom. We are seeing a large rise in that form of blackmail or ransomware attacks, and the attacks are a lot more prevalent in the manufacturing sectors and in the shipping sector, because we are all about time and money, Powell says. Most companies will suffer a percentage of attacks per week and most of them are low end. Today, that is the way of the world, and Im afraid this is unlikely to change. Photo (top): Adobe Stock / arrow Read Andy Powells advice on how to handle and respond to cyber security threats and attacks here. Connect with BIMCO Facebook Twitter Linkedin YouTube