SEACURUS BULLETIN MONTHLY EDITION - JULY 2017 | ISSUE 73 SHIPPING SHAKEN BY CYBER ATTACK REFLECTING ON THE PERCEPTIONS OF CREWS SHIPPING SAFETY AND MORALS | PIRACY RESURGENCE CAUSES CONCERN As shipping is shaken by its first major cyber attack we look at what this might mean for the industry and also explore the latest resurgence of pirate activity in the Gulf of Aden and northwest Indian Ocean Region. In this issue.. Welcome They said it would come, and at owners and charterers and, in hopefully this initiative will deliver on SHIPPING SHAKEN BY CYBER ATTACK: > it did. Shipping has finally particular, being sent to ships. The its promise. 01 Finally, a major attack has hit shipping, and we look been shaken by its first major, emails were from scammers posing at how vulnerable the industry really is. publicly known cyber attack. There as law firms in order to distribute The past month has seen other developments, and with Seafarer - has been so much written about the malware, including the latest ransom- Awareness Week being celebrated, REFLECTING ON THE PERCEPTIONS OF CREWS: dangers of cyber attack for shipping, ware. but nothing happened. Then we have taken the opportunity to 02 With the “ Day of the Seafarer” posing more questions than suddenly, Maersk and APM Terminals The email scam claims that legal steps look at the effects of abandonments answers, we take a look at the current state of play. fell foul of a ransomware attack which in arresting a vessel are ongoing, on crews. We also look at the issue of had compromised many of their and Masters are invited to open a maritime accidents, and as studies SHIPPING SAFETY AND MORALS: internals systems. document, which then spreads the reveal that accidents are more likely in 03 When is an accident not really an accident? When it is anonymous. virus. Obviously, anyone receiving a downturn we ponder what can be We look at the morals shaping casualties and cover. We should perhaps be thankful that these unsolicited emails should be done to head off rising losses. it was the offices ashore which were very careful and, if in doubt as to their Inside we also look at the latest PIRACY RESURGENCE CAUSES CONCERN: hit, and not vessels out at sea. There authenticity, should send them to is now a steep learning curve, and all their IT support team before opening resurgence of pirate activity in the 04 A resurgence of Somali pirate activity has raised concerns for the will have to face up to the new reality any attachments or links contained Gulf of Aden and northwest Indian shipping industry, but piracy is not the only issue. that shipping can indeed be a target, therein. Ocean Region and as concerns grow, and can be hit. we ask just what has been done to 05 MONTHLY NEWS ROUND-UP : The cyber barbarians are at the gate, break the cycle of poverty which send The maritime and shipping stories which caught The Maersk “Petya” attack was not and we can but hope that people and Somali men to hijack vessels. our eye last month. the only phishing scam doing the systems can keep them at bay. Cyber rounds in the maritime industry last safety is very high on IUMI’s agenda, We hope you enjoy this latest month. In other marine related cyber and so it seems likely that cyber risks issue of Seacurus’ monthly attacks, a bunker fuel dealer from will become more transparent and bulletin. < Malaysia reportedly fell victim to an understandable to insurers, which will e-mail payment scam and lost $1.1m. obviously make the risks insurable The company was cheated by a fake too. As we reported last month, the All the best bunker fuel supply company, which IMO has embraced cyber risks within Capt. Thomas Brown asked for payment into a US-based the International Safety Management Managing Director bank account. The payment was duly (ISM) Code. Slowly the noose is Seacurus Bulletin is published monthly by Seacurus Ltd made, and the money vanished into tightening on the criminals – but alas, – providers of MLC crew insurance solutions the criminal’s hands. it is also constricting on innocent businesses too. www.seacurus.com This attack was understood to E: [email protected] have been made possible owing Reporting is of the utmost to spyware which had infiltrated importance, and the North P&I Club is T: +44 191 4690859 the victim’s computer. By spying on working with the likes of BIMCO, DNV F: +44 191 4067577 e-mail correspondence between GL and the Marshall Islands Registry, Registered Office: Suite 3, Level 3, Seacurus Ltd the victim and his actual supplier in to combat cyber criminals by using Baltic Place West, Baltic Place, Registered in England No. 5201529 Singapore, the fraudsters could con the CSO Alliance’s global information South Shore Road, Gateshead, Authorised and regulated by the Financial Conduct Authority them out of such a large sum. and reporting platform for digital attacks. Knowledge and awareness NE8 3BA, UK A Barbican Group company Elsewhere, law firm Reed Smith are vital when tackling such issues, so reported an email scam aimed 02 www.seacurus.com www.seacurus.com 03 Seacurus Bulletin | July 2017 Seacurus Bulletin | July 2017 SHIPPING SHAKEN BY CYBER ATTACK There has been so much written about the dangers of a cyber attack and the effect it would have on shipping. Finally, something big happened, and it highlighted how vulnerable the industry really is. LOOKING THE WRONG WAY According to calculations, Maersk’s shipping lines – Maersk Line itself, Safmarine, Seago, MCC Transport Much of the thinking about maritime cyber security has and Sealand – have all been affected and book 3,300 been focused on the effect out at sea. The commonly teu every hour, representing some $2.7m in revenue held perception was that the big attack would happen per hour. That equates to at least some 82,500 TEU to a ship, or that crews would cause some catastrophe and revenues of $67.5m having been affected – a by shoving USB sticks where they shouldn’t. combination of shipments caught up in ports and on vessels, and likely lost bookings. The recent “Petya” cyber attack was among the biggest- ever disruptions to hit global shipping. Several port THE CYBER SNOOZE BUTTON terminals run by a Maersk division, including in the vampire into your house, clicking on dodgy attachments concerning that such a modern vessel could be using United States, India, Spain, the Netherlands, were When the worst did happen there was praise for the can be disastrous and the implications devastating for a the same software that left the NHS exposed, and which left struggling to revert to normal operations after speed of its response. Maersk has been congratulated in business big or small. no longer receives support from Microsoft. experiencing massive disruptions. some quarters for the contingency plans it had in place, it seems they were clearly capable of handling a major According to experts though, Maersk Group should have This is actually a serious issue for commercial shipping, As with most things in life, while everyone was looking incident of a scale which prompted the shutdown of its avoided being affected by the attack. Just by applying as one of the constant criticisms is the fact that so in one direction the hit happened elsewhere. So, it IT infrastructure and affected terminals. security updates, they should have been protected. John many vessels are still using XP. It seems time for new was that Maersk and APM Terminals were hit by a Boles, a former assistant director of US Federal Bureau of investment in IT infrastructure and a serious rethink. ransomware attack through their offices ashore. There was also relief that vessels have remained Investigation’s international operations, said the attacks unaffected up to now. Indeed, it was stated that could have been avoided by applying the Microsoft TIME TO RETHINK Just as the old war story claims that Japan took communications with their fleet was maintained. security update and patches that addressed the SMB Singapore because all the guns were facing out to sea, However, there will have been delays and knock on vulnerability. Such a rethink may be forced on shipping, as the the same seems to have happened here. The ships were effects. International Maritime Organization (IMO) has given the focus, and that seemingly has meant the shore may With the previous global “WannaCry” attack which shipowners and managers until 2021 to incorporate not have been prepared as it should have been. Experts have been queueing up to comment on the hit the UK’s National Health Service, amongst others, cyber risk management into their existing ship safety attacks, and Ian Millen, security and intelligence advisor the patch was issued before the outbreak began and regime as part of the ISM Code. VIRAL SPREAD at Global Navigation Solutions, expressed surprise the companies who patched and updated were protected. maritime industry was still caught out. The consensus So, it seems companies still have much to learn. Interweaving cyber into regular safety management The computer virus began its spread late last month in seems to be a sense that much of this has been down to systems is deemed by most observers to be the most Ukraine and affected companies in dozens of countries. some form of complacency, and people simply “pressing SAME OLD PROBLEMS sensible route, not least by making compliance an Maersk was far from alone in being hit – companies such snooze” on the problem. important business decision too. Not conforming to the as Rosneft, TNT and Mondelez were all affected.