A recent ransomware attack in the shipping industry provides a stark warning for healthcare and other industries, currently still feeling the effects of the coronavirus pandemic.
Marine services giant Swire Pacific Offshore (SPO) has suffered a 'Clop' ransomware attack that allowed criminals to steal company data. On the 25th of November, Swire Pacific discovered an unauthorised network infiltration into its IT systems, resulting in the compromise of some employee data.
What happened to Swire Pacific?
Following the unauthorised access to its IT systems, Swire Pacific released a statement on November 25th claiming the attack "resulted in the loss of some confidential proprietary commercial information and has resulted in the loss of some personal data. The cyberattack has not materially affected SPO’s global operations".
The ‘Clop’ ransomware group has claimed responsibility for the attack, according to Bleeping Computer. Clop leaked screenshots indicating that the ransomware gang stole passports, payroll information, ID numbers, bank account details, email addresses, and internal correspondence messages.
No exact figures have yet been confirmed, but it is suspected that Clop potentially exposed 2,500 employee records belonging to the staff who support Swire Pacific's maritime fleet, which is over 50 strong.
Why is the shipping industry so vulnerable to ransomware?
Cybercriminals in the ransomware business look for high-reward, low-difficulty targets. When a company, or in this case an entire industry, is under pressure, that pressure gives them an opportunity to exploit.
The shipping industry has been struggling to meet demand in a world made turbulent by the coronavirus pandemic. Shipping costs have risen on average about 550% and the UK is estimated to be paying 25-58% more than other European ports (iNews, 2021). This is due to a multitude of COVID and Brexit-related influences, including a lack of HGV drivers to get cargo from port to warehouse and supply chain disruption. This uncertainty, together with an operational emphasis on improving processes to meet demand, provides a perfect storm for cybercriminals to exploit.
IASME Consortium, which is a UK organisation for cybersecurity and information assurance for smaller companies, estimates that over the past three years, cyber attacks on the shipping industry increased by 900 percent.
Recent attacks in this sector include:
- A.P. Møller-Maersk hit by NotPetya ransomware in January 2018
- COSCO hit by an undetermined group of ransomware actors in July 2018
- Pitney Bowes hit by an undetermined group of ransomware actors in October 2019
- U.S. Coast Guard hit by Ryuk ransomware in December 2019
(Bleeping Computer, 2021)
Why is this relevant to Healthcare and other ‘under pressure’ sectors?
The NHS, and more widely the healthcare sector in general, has been under immense pressure throughout the global pandemic. Hospital waiting times have been pushed to the extreme and supply issues have caused huge disruption to patient care. Sounds similar, right?
The pressure caused by a huge demand for NHS services, combined with a lack of resources, creates a very similar situation to that experienced by the shipping industry.
If you draw similarities between the pressures felt by the shipping industry and the situation in healthcare, it's easy to see the comparable threats the healthcare industry faces when it comes to ransomware.
After all, we remember the impact WannaCry made in 2017. The simple fact that the attack wasn't targeted, yet completely devastated the NHS, shows the need to be prepared.
The ransomware riot in shipping over the last few years isn't just a warning to the healthcare sector. Retail, hospitality, travel and many more sectors have all been hit badly by the pandemic. This has left them to pick up the pieces and focus heavily on business continuity, which is completely understandable, but it's important to not overlook security.
The world is changing, and cybersecurity strategy needs to change as well
In a world that is becoming infinitely more connected, traditional approaches to cybersecurity are being found wanting.
Traditional cybersecurity strategies often don't account for:
- Increased adoption of cloud services
- Remote working
- Unprecedented growth in IoT and unmanaged devices
- The rise of ransomware
The approach needs to change and it starts with visibility and understanding. You can't protect what you can’t see, and you can't change what you don't understand. Cybersecurity is no longer about protecting the front door and identifying the loose window latch. It's also about making sure that Alexa is only listening to what it's meant to be listening to, and ensuring that the smart TV isn't acting as a cat flap to your network.
Knowing what is happening on your network, how it’s used and accessed, and what lives on it, is the best starting point when securing your IT estate. Anything else leaves you vulnerable.
We help organisations gain the visibility and understanding needed to secure themselves. If you'd like to chat, we're here for you.