Latest cyber attack shuts down South African ports

The latest devastating ransomware incident highlights the global digital vulnerability of essential maritime infrastructure.


Transnet, the company that runs South Africa’s ports infrastructure, has suffered severe disruptions following a recent ransomware cyber attack.

Container terminals around the country reportedly stopped functioning almost entirely, with port officials forced to manually record the movements of any vessels able to come in or out.

Occurring at the peak of the citrus and soft fruit export season, the attack is likely to have a major impact on South Africa’s struggling pandemic economy and add further stress to global trade.

“It’s a catastrophe,” said Dave Watts, consultant to the South African Association of Freight Forwarders, after the incident. “It’s like a nail in the economy’s coffin – at the moment nothing is moving in or out of our ports.”

There is some speculation as to whether the attack was financially driven or connected to political unrest. And it comes just weeks after the US Colonial oil pipeline was shut down due to a ransomware attack which led to fuel shortages. According to Bloomberg.com, a compromised password allowed hackers to shut off the pipeline – and hold the oil company to ransom for an avoidable lapse in security.

Force majeure

Information about the cyber attack began to emerge in July, when Transnet reported issues with its IT systems. Days later, it revealed that it had indeed suffered a single, yet particularly disabling, cyber attack.

The company quickly declared force majeure – a move that releases a party from its contractual obligations when external and unforeseen circumstances prevent it from fulfilling them.

According to Transnet’s own statistics as of June 2021, the company processes more than 13,000 containers each day at its terminal facilities.

Machine learning

“Unless Transnet was properly prepared for a cyber attack, it could take weeks, even months, to recover its systems,” said Jayson O’Reilly, general manager at Johannesburg-based cyber security specialist, Atvance Intellect.

“The attackers might not have set out to target Transnet specifically. A lot of these attacks are built on machine learning, and in many cases they don’t actually know who they’re attacking until the vulnerability is flagged up and they get into the organisation, then use their reconnaissance techniques.

“Ransomware groups, in particular, tend to run sophisticated and well-funded operations. They are multi-jurisdictional and always anonymise their activities.

“However, just because the attackers have such sophisticated capabilities, it doesn’t mean the attack they used against Transnet was that advanced.

“We’d like to think that these are really advanced attacks, but in many cases they are just the simplest of social engineering attacks. They’re looking for soft targets, for people who aren’t managing their digital assets properly.

“A worrying factor we’re seeing more and more across the globe is that cyber criminals are now looking at how they can bring down critical infrastructure. Whether they think they can get money or not, they are just going to try it.”

Lucrative target

The Africa-centred Institute for Security Studies (ISS) has described the ports attack as “unprecedented”, noting that since the start of the pandemic cyber-attacks have increased worldwide, inflicting financial losses in many sectors.

“South Africa’s critical infrastructure has been targeted before but always with minimal impact,” explained Denys Reva, a research officer at ISS in Pretoria.

“This, however, is the first time the operational integrity of the country’s critical maritime infrastructure has suffered such a severe disruption.

“The number of similar incidents across Africa will, undoubtedly, increase as ports seek to increase their efficiency and effectiveness through digitalisation.

“All transport infrastructure – especially ports and harbours – presents lucrative targets for cyber criminals due to the scope of the ports’ operations and the many stakeholders who tend to be involved with them.”


Dennis O’Neill is a freelance journalist specialising in maritime.