IMO still restoring systems after cyber attack

IMO has released a statement saying its security and IT teams are continuing to try to bring systems back on line as soon as it is safe to do so.

The full text of the updated statement is below, and the original report from the incident follows.

The interruption of web-based services was caused by a sophisticated cyber-attack against the organization’s IT systems that overcame robust security measures in place.

IMO has ISO/IEC 27001:2013 certification for its information security management system. IMO was the first UN organization to get this certification in 2015.

The IMO Headquarters file servers are located in the UK, with extensive backup systems in Geneva. The backup and restore system is regularly tested.

Following the attack, the Secretariat shut down key systems to prevent further damage from the attack.

The Secretariat is working with UN International Computing Centre (UN ICC) and security experts to restore systems as soon as possible, to identify the source of the attack, and further enhance security systems to prevent recurrence.

Since yesterday (01/10/2020), service has been restored to the GISIS database; IMODOCS; and Virtual Publications. For security reasons, these systems were not available for a few hours early this morning but they are now back up and running.

Service will be restored to other web-based services as soon as possible and as safe as possible.

The Secretariat takes its responsibilities for cyber risk management and information security management extremely seriously and has acted immediately to address the cyber attack and to implement measures to ensure the risk of recurrence is minimised.

01/10/2020:

In addition to its public website, IMO said a number of its web-based services are currently unavailable.

The United Nations shipping organsiation added that its internal and external emails are working as normal and service has been restored to the Global Integrated Shipping Information System (GISIS) database, IMODOCS and virtual publications.

In a statement and on its Twitter feed, IMO said it is currently working with UN IT and security experts to restore systems as quickly as possible, to identify the source of the attack, and enhance security systems to prevent a recurrence.

The interruption of service was caused by a cyber attack against our IT systems. IMO is working with @UN IT and security experts to restore systems as soon as possible, identify the source of the attack, and further enhance security systems to prevent recurrence. pic.twitter.com/EzUQzqXMEF

— IMO (@IMOHQ)

The interruption of service was caused by a cyber attack against our IT systems. IMO is working with @UN IT and security experts to restore systems as soon as possible, identify the source of the attack, and further enhance security systems to prevent recurrence. pic.twitter.com/EzUQzqXMEF

— IMO (@IMOHQ) October 1, 2020

The cyber attack on IMO is the second high profile cyber security breach to hit the shipping industry within a few days. On 28 September container shipping giant CMA CGM suffered a security breach to its peripheral servers, causing the company to shut down access to its online services.

The company said it has since isolated the malware at the root of the attack but said it suspects a data breach occurred in the attack.