The NotPetya malware infected the computer systems of the giant AP Moller-Maersk shipping empire, sending ports around the world and Maersk’s worldwide shipping network into chaos
Companies face real threat from cyber crime – By Dave MacIntyre
For any company that thought it was immune from the cyber attacks that are increasingly sweeping the business world, the WannaCry and NotPetya attacks of 2017 should have been a brutal wake-up call.
The WannaCry ransomware campaign was unprecedented in scale, with estimates it infected more than 200,000 computers across 150 countries. One of the largest agencies struck by the attack was the National Health Service in England and Scotland. Car maker Nissan halted production in England, Renault stopped production at several sites in an attempt to stop the spread of the ransomware, and Spain’s Telefónica, FedEx and Deutsche Bahn were also hit.
While WannaCry aimed to secure financial gain for its perpetrators, the NotPetya attack was aimed purely at creating chaos – and it did.
Now suspected of initially being a Russian cyber attack on the Ukraine, it spread into the computer systems of the giant AP Moller-Maersk shipping empire. Ports globally and Maersk’s worldwide shipping network were sent into chaos.
Malicious attacks
Sometimes, hackers have a more specific target. A notorious case involved the Port of Antwerp where hackers working for drug smugglers infiltrated cargo-tracking systems to aid the importation of drugs hidden in containers.
New Zealand companies and organisations have also suffered from malicious attacks. In 2018 the New Zealand Road Transport Forum, representing the road transport industry, warned that it had “suffered an extremely serious ransomware attack. It completely knocked out our entire computer system – files, emails, everything.”
Then-CEO Ken Shirley cautioned other organisations who might be at risk of attack, especially small businesses or those outside the IT realm who may not be quite as familiar with cyber security as they could be: “For transport companies operating vehicle fleets, managing payroll, invoices and all the other administrative and accounting functions now done electronically, it is no exaggeration to say a ransomware attack could be devastating.”
The same could be said of any transport company, construction company or organisation that inadvertently leaves its computer systems vulnerable to attack.
WADA hacking
Wellington-based cyber security expert Todd Skilton says the power of cyber hacking was shown by the Russian cyber espionage group Fancy Bear who hacked the World Anti-Doping Agency (WADA) and the IAAF, the world athletics governing body, in retaliation for the banning of Russian athletes.
The anonymous group was responsible for leaking confidential information on athletes who had requested therapeutic use exemptions (TUEs) which allow the use of banned substances if there is a medical need. Medical documents belonging to British athletes including Mo Farah, Bradley Wiggins and Chris Froome were among those leaked.
Since then, Fancy Bear has been deemed responsible for the email hack of the Democratic National Committee which is thought to have badly damaged Hillary Clinton’s campaign for the US presidency.
Mr Skilton says these examples show the diversity of hackers and malware. “For some hackers, it may be the pure ‘rush’ of creating something which leaves their own stamp, like taggers spraying a wall. For organised criminals it may be a way of making money.”
He says the electronic environment in which we work is embedded in society and is here to stay, so businesses must understand this environment. “We can’t go back to receiving our wages in brown envelopes. We are used to electronic transfers into our bank account. We make purchases online every day. It’s a convenience we want, but in order to do that, we need to minimise the risks.”
The fundamental concern is the need for business continuity, says Mr Skilton. “When things go wrong, it can have a very great effect on your business. You have to ask yourself whether you can recover your systems, your information, your company data, to allow your business to operate.
“If you have suffered a ransomware attack, you can’t trust the hacker to give you back your data, even if you pay up. If you can’t retrieve it, what will be the cost to you in lost time, lost productivity, lost sales, lost orders?”
Prevention
So what should a business do if it is attacked, and what preventative steps can be taken beforehand?
The first thing you need to do is get the computer offline as quickly as possible, to prevent the malware spreading, says Mr Skilton. In integrated systems, the virus can spread through an entire network after infecting one computer – as happened in the Maersk case.
Incredibly, Maersk was able to rebuild its operating system because a single computer in Africa had been offline due to a power cut, and had therefore not been infected (see footnote). “The more interconnections your company has, the more vulnerable you are,” says Mr Skilton.
The next step is bringing in expert advice, either from within the organisation if it has an IT section, or from outside. If the attack involves recognised malware, it is possible that experts will have the knowledge to decrypt it.
If that can’t be done, then the only solution is to rely on backups which your business should be making frequently. Failure to do this is one of the errors companies frequently make.
“Another is failing to update your software with patches that are issued by manufacturers to guard against malware. It is essential to keep your software current and to have your antivirus in place,” says Mr Skilton.
Ideally, he says, companies should bring in an expert to design or review their security systems from scratch. “If you are setting up a new operation, you can ‘bake in’ safeguards from the start. It is always harder retrofitting. I don’t think I have ever seen an organisation where I’ve walked in, reviewed their security system and thought it was perfect.”
The full story on the Maersk NotPetya attack is a fascinating read: www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
Dave MacIntyre is an award-winning journalist who specialises in transport issues within New Zealand; he can be contacted at email@example.com