Cosco Reports Cyberattack at its U.S. Operations

File image

Published Jul 25, 2018 10:55 AM by The Maritime Executive

On Wednesday, Chinese shipping conglomerate Cosco reported that its American shoreside operations have been hit by a ransomware cyber attack. 

The incident occurred Tuesday, and it affected the firm's email and phone systems at a selection of sites in the United States, including its Pier J terminal at the Port of Long Beach. Cosco said in a statement that its vessel operations and its business systems are performing properly. 

"Except for above regions affected by the network problem, the business operation within all other regions will be recovered very soon. The business operations in the affected regions are still being carried out, and we are trying best to make a full and quick recovery. We will keep you updated of the latest progress through various channels," Cosco said in a notice to customers. 

However, Itai Sela, the CEO of maritime cybersecurity firm Naval Dome, cautioned that the attack's reach might be wider than it appears. "Although COSCO has been quick to respond to this hack, the virus may have been dormant for some time, so I would not be surprised if other systems – shore- and ship-based systems – have been breached," Sela said. "This kind of attack could spread through the entire fleet and its consequences might be devastating, and certainly costly, especially in terms of insurance. We strongly recommend to whoever discovered the attack, to thoroughly verify the breach has been contained and has not infected any ships in the COSCO fleet."

As of Thursday evening, the website for Cosco's U.S. division was still down.

The attack on Cosco does not yet appear to have the same degree of impact as the "Not-Petya" ransomware incident at Maersk Lines and Maersk's APM Terminals division last year. The leading maritime logistics firm needed nearly one month to restore all of its customer-facing electronic services after the attack, and the total financial impact was estimated at about $250 million.  

"Not-Petya" was far from the only recent attack on a maritime firm. Maersk's Svitzer subsidiary suffered an attack on the email system at its Australian division last May, and the security breach continued undiscovered for nearly 10 months. Last November, leading British shipping services firm Clarkson reported a cyberattack via a single employee user account, which required the firm to notify affected customers.