The period we are currently going through, dominated by the worst pandemic crisis ever known to mankind, has highlighted the potential of remote working and digital tools as fundamental resources to continue doing business in times of restrictions or limitations on the mobility of people or things.
And yet even the digital world has its dark side: relying exclusively on computers means exposing yourself to cyber-attacks by criminals who are ready for anything.
This is what has happened over the last few months with so-called ransomware attacks. Ransomware is a type of malware that, once installed on a device, limits its use, for example by encrypting its data, and demands payment of a ransom to remove the limitations.
The latest shipping company to be the victim of a cyber-attack is CMA CGM; their websites, allowing access to eCommerce services, are still offline.
The French liner has been hit by Ragnar Locker. This is a particularly ingenious malware because it is installed inside a virtual machine that is able to isolate it, effectively preventing the antivirus software of the host computer from distinguishing between a legitimate setup and a malicious one.
Once installed inside the PC, Ragnar deletes the system’s shadow copy archive, preventing the recovery of unencrypted data, and connects the disks on the fixed machine to the virtual machine, encrypting all data on the storage drives.
Three days after the attack on CMA CGM, even the International Maritime Organization – which over the past months had been paying a lot of attention to cyber risks, asking for an international standard to address these new threats – was itself hit by a group of hackers, who put its website and intranet services out of action.
The two incidents are nothing new for shipping. Everyone will remember what happened at MSC on Easter weekend: the website of the second most important shipping company in the world was offline for six days and was restored the following April 15th. The Danish A.P. Møller – Mærsk and the Chinese Cosco Shipping Lines also faced similar problems in 2017 and 2018 respectively. What has changed now is the ability of criminals to use increasingly sophisticated malware.
The truth is that shipping has undoubtedly not paid enough attention to the issue of cyber security, which is now being brought to the attention of the international press in all its fervour.
While the European Union, and in particular the Council, decided last July to impose restrictive measures against people and organizations held responsible for having carried out malicious cyber-attacks, an initial response to those who demand stricter measures against cybercrime, the United States of America is beginning to seriously consider the possibility of heavily sanctioning all those companies that agree to pay criminals the ransom they demand for the recovery of encrypted data.
In an advisory published a few days ago by the Office of Foreign Assets Control (OFAC) of the U.S. Treasury Department, we learn that the demand for ransom payments in ransomware attacks against companies has increased significantly during the pandemic period. For OFAC, companies that facilitate the payment of these ransoms, whether financial institutions, insurance companies or companies involved in digital forensic science, not only violate existing regulations, such as the International Emergency Economic Powers Act (IEEPA) or the Trading with the Enemy Act (TWEA), but also end up supporting the cyber-crime industry by encouraging new speculative attacks on people or things.
“The evolution of cyber-attack targets cannot be underestimated: in the early days the victims were basically individual users and the only attack mode was standard phishing. Now it is clear that hackers have raised their game”, Giuseppe Bianchi, Professor of Telecommunications at the University of Rome Tor Vergata, told Port News.
“In short, cyber-criminals have begun to target corporations, which are able to secure far greater profits than they can ever hope to get from individuals. Cybercrime reinvests most of what it earns in the development of even more sophisticated techniques and malware. It is a virtuous circle in reverse.”
For Mr. Bianchi, this type of progress involves new scenarios and models. It is both economic (in the malware economy sense) and technological: “The attacks are very well-prepared. They are starting to have a kill-chain-like structure that up to now we only found in the so-called Advanced Persistent Threats.”
Translation by Giles Foster