Container shipping giant CMA CGM says its e-commerce and ’main functionalities’ have resumed after the French line was hit with ransomware in late September
A statement from CMA CGM said the group’s e-commerce sites and ’main functionalities’ were all operational, allowing customers to book and track cargo and submit and receive invoices.
"All communications to and from the CMA CGM Group are secure, including emails, transmitted files and electronic data interchanges," the statement said. "All our agencies as well as our back-office are now fully operational."
The initial attack, via ransomware, occurred on 28 September and the line has been working to restore its systems for two weeks. Initial reports on the incident can be found below.
30 September, 2020: Update
CMA CGM has isolated the malware at the root of the attack after closing its IT network to external access and implementing alternative container shipment booking procedures
The container shipping giant said it was in the process of determining the degree to which its data has been compromised.
"We suspect a data breach and are doing everything possible to assess its potential volume and nature.
Our technical teams, alongside independent experts, are continuing the investigation," a statement from CMA CGM said.
The line said it has been forced to implement "alternative solutions" for communications with customers and for bookings on its container ship fleet.
CMA CGM said in a statement it "interrupted as a precautionary measure all external accesses to their network and computer applications in order to prevent the spread of the malware".
“This malware was rapidly isolated and all necessary protection measures implemented,” CMA CGM said.
“All communications to and from CMA CGM Group are secure, including emails, transmitted files and electronic data interfaces (EDI). Maritime and port operations are functioning as per usual.”
The line said it has "fully mobilised" to restore all of its information systems and that its back office systems are gradually being reconnected to the network, improving booking and documentation processing times.
CMA CGM identified the cyber attack and first notified customers it had closed external access to IT systems on 28 September.
The container shipping line said the cyber security breach had impacted ’peripheral servers’ and that the line had cut off access to applications to prevent the spread of the malware.
CMA CGM recognised the potential impact on business continuity and created other communication channels.
“We are providing alternative and temporary processes for your bookings and are committed to processing them as quickly as possible,” CMA CGM said.
In its initial statement, the line said it had worked rapidly to reduce the impact and risk from the cyber attack.
“As soon as the security breach was detected, external access to applications was interrupted to prevent the malware from spreading. The website and associated IT infrastructure is down.”
CMA CGM said its IT teams are working to resolve the incident and reopen internal networks for bookings and other applications and that it is also using external consultants to try to remedy the impacts of the attack.
In the meantime, the company said it strongly encourages customers to use INTTRA’s web portal or EDI for booking requests, using their existing account with INTTRA. Or to submit a booking request form to their local agent.
There is no information on how long these temporary measures will be in place.
"An investigation is underway, conducted by our internal experts and by independent experts," the line said.
Like it or not, container shipping is on the front line of the maritime industry’s war against cyber threats.
Cyber incidents and other IT issues are becoming more frequent in container shipping, raising concerns over shipping lines’ cyber security at a time of changing threat landscapes. There has been speculation that the cyber attack affecting CMA CGM’s IT was a ransomware attack originating in eastern Asia.
A number of shipping companies and shipmanagement groups have suffered IT issues originating from cyber security incidents, in each case shutting down sections of IT networks and access to online services.
Mediterranean Shipping Line (MSC) and Toll Group, Carnival Corp, Anglo-Eastern and OSM Maritime Group all have been victims of cyber issues in 2020.
Maersk Line and COSCO have also suffered hacks in recent years, leading to financial and business losses.
CMA CGM’s cyber attack comes less than a week after the line celebrated adding the 23,000-TEU Jacques Saade, the largest LNG-powered container ship in the world, to its fleet.
The growing list of shipping companies hit by cyber attacks shows there is still a long way to go for many in implementing basic cyber security measures. As the oft-repeated saying from cyber security experts goes, it is a case of ‘when’ not ‘if’ a cyber attack is coming.
Based on the incidents reported by major shipping lines, security breaches have been recognised quickly and isolated rapidly, with lines closing down IT networks, reducing the risk of malware spreading.
The impact on customers and business continuity cannot be overstated, however.
Responding to a cyber attack, shipowners and operators must spend money and valuable time to diagnose issues, fix problems and recover systems. Owners also can be held to ransom or stand to lose critical customer data.
When Maersk Line was hit by a cyber attack in 2017, the estimated to cost the Danish group was around US$300M in total, and that does not account for time lost in dealing with the security breach, recovering IT systems and returning to business.
During Riviera’s Maritime Cyber Security Webinar Week, in August 2020, cyber security experts discussed threats to shipping companies coming from a growing variety of sources and far more frequently. Shipping lines are often collateral damage from wider attacks, but lines are still targets for criminals using ransomware.
Attendees will hear much more on methods to safeguard IT networks from cyber attacks and improve risk management during Riviera’s upcoming Maritime Cyber Risk Management Virtual Conference.
Until then, as this latest incident shows, shipping companies would be wise to take stock of the vulnerabilities in their business, operations and IT networks and to redouble efforts to bolster security of internal systems and external portals and train personnel to recognise and report cyber approaches that could contain a threat to the business.
In this way, shipping companies can learn to be better prepared for the inevitable cyber attack by using examples from the growing list of those who have already dealt with cyber attacks, which now includes CMA CGM.
Cyber security, threats and risk to shipping were discussed in depth during Riviera Maritime Media’s Maritime Cyber Security Webinar Week in August - use this link to view or review these events in the webinar library
Further discussions, presentations and information on cyber security will be coming in Riviera’s Maritime Cyber Risk Management Virtual Conference on 3 November - use this link for more details and to register to this event