Ports Of San Diego & Barcelona Come Under Attack

Cyber-attacks have now been reported at three ports in the last two months.
Two major international ports fell victim to cyber-attacks within the span of a week, putting the shipping industry on alert for a possible threat actor targeting the entire sector.

The first to fall was the Port of Barcelona, Spain, on September 20, last week. The second attack was reported yesterday, September 25, by the Port of San Diego, in the United States.

Neither of the two port authorities revealed any details about the nature of the cyber-attacks, leaving security experts to speculate about possible causes.

The cyber-attack on the Port of Barcelona did not affect ship movements in and out of the harbor, and a local newspaper reported that it impacted only land operations, such as loading or unloading of boats, although the Port denied there was a serious disruption to customers.

In a tweet two days after the initial attack, the Port of Barcelona said that only internal IT systems were affected, but did not offer other details, even after a week's worth of requests for comments and questions from ZDNet.

The Barcelona cyber-attack was followed by another one recently, this time against the Port of San Diego, a medium-sized cargo port on the US west coast.

"Port employees are currently at work but have limited functionality, which may have temporary impacts on service to the public, especially in the areas of park permits, public records requests, and business services," said Randa Coniglio, Chief Executive Officer for the Port of San Diego in a statement released a day after the attack.

Port officials did not respond to a request for further comment from ZDNet, but they said they are still investigating the hack.

Just like the Barcelona port, San Diego officials stayed mum regarding the nature of the attack. It is unclear if the two incidents are related or alike, and the whole maritime industry may benefit from a little bit of openness about the two incidents. Port authorities around the world should be on alert, regardless.

One of the security researchers who tipped ZDNet about the last incident noted that both port authorities described the cyber-attacks as disruptive, a term commonly used with ransomware attacks, which are destructive in nature, but not with other forms of cyber-attacks, such as data breaches, where intruders' main goal is to stay undetected by leaving systems intact and working.

This is speculation, at this point, as both ports declined to provide technical details, but the speculation has its merits, based on a previous incident.

Back in July, a ransomware attack initially reported as an infection affecting the Long Beach Port was later tracked down and isolated to the port terminal of the China Ocean Shipping Company (COSCO), one of the world's largest shipping firms, and later to the company's internal network.

With three "disruptive" cyber-attacks reported by three ports in two months, some might wonder if a threat group isn't targeting ports intentionally. This isn't a surprise, as ports handle a huge amount of business, and any disturbance can lead to serious financial losses.

When the NotPetya ransomware outbreak started to spread last year, one of the first companies to report issues was Maersk, the world's largest cargo shipping company. Maersk's poor security practice cost the company over $300 million in damages, and the company's IT staff had to reinstall 4,000 servers, 45,000 PCs, and 2,500 applications in ten days, in what the chairman called a "heroic effort."

Last year, UK shipping provider Clarksons PLC was also hacked and blackmailed by a hacker who breached the company's systems and claimed to have stolen its database. Clarksons refused to pay, but the event made headlines anyway.

Port authorities and ships have long been considered easy to hack. One cyber-security firm, in particular, published a long string of blog posts detailing the various ways in which someone could hack IT systems in ports and on ships. 

But these blog posts describe high-tech hacks, which are probably not the main entry point for these attacks. For most hackers, the point of entry is usually a failure in the IT maintenance of regular systems, such as outdated software, open RDP endpoints, or employees running malicious files received via email.

Ironically, five months before it got hacked, the Port of Barcelona published a blog post titled "Are ports prepared to deal with threats from hackers?"

Apparently not.

Updated on September 27, 14:00 ET: A Port of San Diego spokesperson confirmed via email that the cyber-attack was a ransomware infection.

"We can confirm it is ransomware, but cannot provide additional details at this time," the spokesperson said.

ZDNet:
