The COSCO Group under cyber attack

(By Alessandro Rugolo)
28/07/18

One of the largest logistics and shipping companies in the world, the Beijing-based China Ocean Shipping Company (COSCO), has been under cyber attack in recent days, according to a number of Western and Chinese news reports.

The security problem initially involved the American region (US, Canada, Panama, Argentina, Brazil, Peru, Chile and Uruguay). It appears to be a ransomware attack (i.e. an attack that encrypts data and demands a ransom to make it usable again) that reportedly took place on 24 July. The attack seems to be very similar to the one that hit Maersk in 2017 [1]. In particular, to prevent the infection from spreading between the American part of the network and the rest of the world, the company disconnected its email and VoIP services while keeping traditional telephony available. The company has given assurances that its shipping and web tracking services were not compromised, so they remain in service and operations continue, albeit slowly, even in the areas where problems occurred.

Some considerations:

- it seems that the IP telephone network of COSCO's regional company is unusable, evidently because it runs on the same intranet that was hit by the attack. This suggests the need for a backup communication network based on older (non-IP) technology, or at least on a separate network. This is well known in the military environment, but the redundancy rule is not always followed because of the difficulty of maintaining such different technologies;

- reaction times were even shorter than those recorded in the attack in Singapore at the end of June. Indeed, it seems that the alarm and the first reactions were only 48 hours apart, which gives an idea of how COSCO is organized;

- we must therefore ask ourselves: what would happen in Italy in the event of a hacker attack on the public network or on a system such as NOIPA? Are there alternatives that guarantee Command and Control of the affected organization, or is everything based on internet technology? Do procedures exist, and are they continuously tested, for the most important processes that guarantee Command and Control?

- COSCO is a Chinese state company and was attacked in the part of its network located in America. This gives pause for thought: the global dimension of large companies makes them even more vulnerable, because it is not possible to protect the perimeter of such a large company equally everywhere. But that means accepting the risk of damage worth hundreds of millions of dollars [2].

[1] In 2017, as a result of the NotPetya cyber attack directed against Maersk, IT engineers had to reinstall more than 4,000 servers, 45,000 PCs and 2,500 applications over 10 days.
[2] In the 2017 incident, Maersk estimated that it had lost about 300 million dollars in revenue.
