- On Tuesday, an unknown ransomware gang took down Japan’s largest port, disrupting operations for over 48 hours.
- The Nagoya Port processes 10% of Japan’s international trade handling approximately two million containers and 177.79 million cargo tons annually (2021).
- Japanese media reported the ransomware attack on Nagoya Port to be the work of the LockBit 3.0 ransomware gang.
- Maritime professionals believe the industry is underprepared for cyberattacks.
This week, an unknown ransomware gang took down Japan’s largest port, threatening and disrupting all container loading and unloading activities, and thus Japan’s trade, for over 48 hours. Threat actors successfully targeted Nagoya Port’s central container operations handling system, the Nagoya Port Unified Terminal System (NUTS).
Evidently, the hackers obtained access to and deleted a large swathe of data, knocking down services longer than they should have. The Nagoya Port processes 10% of Japan’s international trade handling approximately two million containers and 177.79 million cargo tons annually (2021).
The ransomware attack, conducted at 6:30 AM (local time) on Tuesday, July 5, 2023, crippled port operations for over two days. The Nagoya Harbor Transportation Association confirmed it to be a ransomware attack. It said it resumed operations at one of the terminals on Thursday at 3 PM and aims to reinitiate operations on another four terminals by 6:30 PM on the same day.
Nick Tausek, lead security automation architect at Swimlane, told Spiceworks, “This ransomware attack on the Port of Nagoya in Japan demonstrates just how easily cyberattacks can impact the global supply chain and lead to significant financial losses. In this case, the port has completely halted operations that control 10% of Japan’s total trade volume and is leveraged by major Japanese organizations.”
This includes Japanese automobile major Toyota, which exports most of its cars through the Nagoya Port. Toyota said the export of new vehicles won’t be impacted. However, other exported and imported parts would remain at the port until the situation is resolved.
Tomer Bar, VP of Security Research at SafeBreach, assessed this to be the work of a well-known cybercriminal syndicate. He told Spiceworks, “These groups usually search for easy opportunities, such as targets with visibly misconfigured or unpatched systems, and if not found, continue to the next possible target.”
Japanese media reported the ransomware attack on Nagoya Port to be the work of the LockBit 3.0 ransomware gang, which also recently targeted the world’s largest contract semiconductor manufacturer, TSMC. However, LockBit is yet to publish Nagoya Port as a victim on its darknet leak site, a practice most ransomware gangs follow.
LockBit demanded $70 million from TSMC to safely delete its data. It is unclear what the Russia-based ransomware group demanded from Nagoya Port.
Cyberattacks Against the Maritime Industry
The Nagoya Port was also subject to a distributed denial-of-service attack (DDoS) in September 2022 by the Killnet group, knocking its website offline for 40 minutes.
Ports being critical infrastructure, are attractive propositions for financially-motivated threat actors, state-sponsored hackers, and others. The 2017 NotPetya attack on Maersk caused losses to the tune of $300 million.
More recently, ports subject to cyberattacks include Portugal’s Port of Lisbon in December 2022 by LockBit and India’s largest container port Jawaharlal Nehru Port Trust, in February 2022 by an unknown actor.
“A clear majority of maritime professionals believe that cyber security risks are considered as important as health and safety risks in their industry,” noted risk management and assurance provider DNV in the Maritime Cyber Priority 2023 report.
“Our assessment is, however, that there is still a gap in maturity in how the industry manages the two risks in practice, with cyber security having significant room for improvement before it could be said to be treated as seriously as physical health and safety.”
DNV’s survey found only four in ten maritime professionals believe that their organizations have invested enough money in their OT cyber defenses. As such,
- 90% of maritime professionals expect serious disruption of ship and/or fleet operations
- 79% of maritime professionals expect theft of property/cargo
- 76% of maritime professionals expect damage to port/cargo-handling infrastructure
- 72% of maritime professionals expect harm to the environment
- 68% of maritime professionals expect grounded vessel or vessels
- 60% of maritime professionals expect ship collision
- 56% of maritime professionals expect physical injury or loss of life
“To prevent ransomware attacks such as the one on the Port of Nagoya from further disrupting the supply chain and halting crucial shipping processes, organizations must ensure cybersecurity best practices remain top-of-mind,” Tausek added.
“Security automation tools, especially those that leverage low-code principles, can accelerate security teams’ capabilities to keep pace with the evolving threat landscape, especially as threat actors continue to adopt their own automation techniques to target critical infrastructure. Using these tools lessens the burden on security operations so they can focus on critical alerts, ultimately keeping crucial businesses and their correlating operations up and running without disruption.”
DNV recommended in the report that cybersecurity should be treated as safety in maritime operations and create a framework for insight-sharing across the industry. Effective training and supply chain vulnerability management can go a long way in preventing cyber incidents.
Finally, organizations can maintain an analog fallback option, according to DNV, to avoid substantial financial implications.
Image source: Shutterstock