Australian Ports Recover From Cyber Incident

Citrix Bleed May Have Struck Again
Stacked containers at the Fremantle port in Australia in October 2020 (Image: Shutterstock)

Operations resumed Monday at four major Australian ports incapacitated by a cybersecurity incident. Dubai-based DP World took systems offline Friday, provoking what government officials called a significant outage frustrating the movement of goods in and out of the country.

The company's Australian subsidiary said it expects to move approximately 5,000 containers Monday out of the four affected ports in Brisbane, Sydney, Melbourne and Fremantle. It built up a backlog of 30,000 containers during the three days the incident forced the stevedore to disconnect the logistics system connecting trucks with DP World, reported the Australian Financial Review.

DP World Australia handles roughly 40% of Australia's international container cargo each year. Other stevedores at the four ports were unaffected by the incident (see: Major Australian Ports Affected by Cyber Incident).

"Although port operations have resumed, it does not mean that this incident has concluded," tweeted Air Marshal Darren Goldie, Australia's newly appointed national cybersecurity coordinator.

Neither the Australian government nor DP World has revealed details about the attack. A company spokesman told the Financial Review that it has not received a ransom demand and that it doesn't foresee a need to pay extortion money.

"While I understand there is interest in determining who may be responsible for the cyber incident, our primary focus at this time remains on resolving the incident and supporting DP World to restore their operations," Goldie tweeted on Sunday.

British security researcher Kevin Beaumont said in a Mastodon post that hackers may have gotten into DP World's systems by exploiting the Citrix NetScaler vulnerability dubbed Citrix Bleed (see: Ransomware Groups Exploiting Unpatched NetScaler Devices).

A query on internet of things search engine Shodan showed an unpatched NetScaler box on the DP World Australia network before the attack.

"It's ransomware, entry point is Citrix Netscaler #CitrixBleed," Beaumont said. Ransomware hackers affiliated with LockBit earlier this month targeted the New York financial services subsidiary of the Industrial and Commercial Bank of China, resulting in disruptions to the U.S. Treasuries market.

About the Author

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.
