DP World Plc operations at Australia’s largest ports are slowly resuming after a cyberattack forced a mass closure and created a backlog of containers ahead of the holiday season.
“We’ve got the ports starting to move this morning,” Paul Zalai, director of the Freight & Trade Alliance, said in an interview. “Somehow they’re getting operations up and running again, whether they’ve rectified the breach or whether they’ve got some type of contingency, I’m not sure.”
A statement earlier Monday from the FTA said it was seeing a “gradual recommencement” of freight handling by DP World at Melbourne, Sydney and Brisbane. The update said logistical and technology issues remain at the three ports as the company works through a backlog of orders.
Brisbane seems to be recovering better than the other DP World terminals, Zalai said. Melbourne “appears to be a bit more sluggish and they’ve requested no exports at this stage,” while Sydney has only just come back online, he said. The situation at Perth isn’t clear, he added.
DP World manages almost 40% of goods flowing in and out of Australia, exposing the country to widespread economic, commercial and logistical fallout from an attack on a single entity. Australia’s National Cybersecurity Coordinator Darren Goldie says interruptions could continue for days, with DP World’s systems still disconnected from the Internet after the Friday hack.
One of the world’s largest port operators, DP World is the latest victim in a string of devastating, high-profile cyberattacks globally this year. Industrial & Commercial Bank of China Ltd. — the world’s biggest lender by assets — was recently struck by a ransomware attack that blocked some Treasury market trades from clearing and forced brokers to reroute transactions.
The disruptions in Australia also come as the company is embroiled in an on-going strike by the Maritime Union of Australia over wages and better work conditions.
DP World Australia hasn’t received a ransom demand and doesn’t know which organization is responsible, the Australian Financial Review cited a top company official as saying.
According to the Freight & Trade Alliance’s update, DP World is restricting exports at Melbourne as the company works through a pileup of imports. At Sydney, there could be “unforeseen service impacts,” the note said, and DP World asked for patience this week as it processes the backlog.
Growing Threat
As more ports automate and move away from paper documentation, hackers pose a growing problem to the region’s shipping networks. Ransomware hackers install malware on their victims’ systems, holding them hostage until they receive payment.
“This incident is a reminder of the serious risk that cyber attacks pose to our country, and to vital infrastructure we all rely on,” Home Affairs Minister Clare O’Neil wrote Sunday on X, the platform formerly known as Twitter. “Managing cyber incidents of this kind is incredibly complex.”
This isn’t the first time hackers have targeted major ports. In July, Japan’s biggest maritime port was hit by the notorious hacking gang Lockbit, a ransomware group with Russian ties that was also behind this week’s ICBC attack. A month earlier, several Dutch ports including Amsterdam and Groningen faced distributed-denial-of-service attacks, known as DDoS.
In 2021, South Africa’s port and rail company was struck by a ransomware attack that forced it to declare force majeure at container terminals and switch to the manual processing of cargo.
Sea Trade
Australia’s ports are critical to its economy, with the nation moving 98% of its trade by sea, according to Ports Australia, a leading industry body. A lot of what Australians use on a daily basis — from computers to clothes and medicine are imported — while the country is a key agriculture, energy and mining exporter.
Police are investigating the cyberattack. DP World is combing through its servers to find out where hackers may have been, the data they may have looked at or and moved, and if they left any malicious software, the AFR reported, citing Nicolaj Noes, who oversees the Oceania business.
Noes told the paper there was a possibility that alarms raised by the firm’s monitoring software gave it time to shut down its systems before data was stolen or locked up.
Goldie convened the National Coordination Mechanism over the weekend to bring together government agencies and maritime and logistics sectors as part of the response to the incident.
“While I understand there is interest in determining who may be responsible for the cyber incident, our primary focus at this time remains on resolving the incident and supporting DP World to restore their operations” and recommence cargo shipments, Goldie said.
The various agencies and departments “will work with DP World to ensure that government and industry stakeholders have appropriate situational awareness necessary to support the management of any disruption to Australia’s supply chains,” he added.
Author: Angus Whitley, Ben Westcott and Lynn Doan
