How Bad Was Maritime Cyber Security in 2021? Consider These 8 Incidents

maritime cyber security

On the cyber security front, 2021 was not a good year for the maritime and logistics industry. Attacks targeting ships increased in frequency by 33 percent – and that came on the heels of a 900-percent increase in attacks against ships and port systems in 2020. Looking at this year while preparing last year’s recap, we have already seen a severe attack on Expeditors in mid-February, which took them 2-3 weeks to begin to recover from. To add to the list for 2022, there was also an attack on a JNCPT container terminal in Mumbai.

The growth in attacks probably reflects, in part, a record-breaking uptick in cyber security incidents of all types over the past year. But it’s also likely that attackers chose to focus on the maritime industry in particular given the crucial role it plays in powering the global supply chain.

Getting ahead of these attacks – and minimizing the damage when events like these do occur – requires a deep understanding of how cybercriminals operate, and what businesses can do to contain the damage when an attack occurs. Let’s take a look at seven of the top cyberattacks of 2021 that impacted the maritime and logistics industry, and consider what each one can teach us about cyber resilience in this sector.

HMM breach

HMM, the South Korean shipping company, suffered a breach in June 2021. The company hasn’t said much publicly about precisely what happened, but it appears that attackers targeted HMM’s email servers.

According to various publications and company statements, the attack forced HMM to take  the system offline for several days, leaving them in the difficult position of instructing its customers to contact its offices by phone, until its email systems came back online.

To HMM’s credit, the company was able to remediate the breach and restore full functionality to its email servers within days. That’s not as fast as it theoretically could have with a well-organized resilience plan in place, but it’s better than taking weeks to get systems back online. HMM also reported that no sensitive data was lost during the attack, which may be a sign that it was able to react quickly enough to contain the breach before sensitive information was exposed.

Want to make sure you are prepared for whatever attack might come your way? Contact us today. 

Multiple attacks on Japan’s “K” line

Japan’s “K” line suffered not one, but two, notable cyber security events in 2021.

The first, in March, stemmed from malware that infiltrated the company’s IT network. That attack took about ten days to contain, with systems being brought back online step-by-step.

The company said relatively little about the second attack, which took place in July, but it apparently involved “unauthorized access to overseas subsidiary systems.” Based on that language, it seems likely that the breach involved a 3rd party, for example a partner or customer’s IT resources – a reminder that it’s important to factor third-party environments into cyber security resilience planning.

Transnet attack

Transnet, the major South African logistics, rail and port operator, also faced an attack in July 2021. The event appeared to be the result of ransomware, but the company did not release many details.

Fortunately for Transnet, the attack was apparently limited to container terminals, leaving most of the company’s other business units operational. However, the cluster of terminals was almost entirely paralyzed for over a week, with the core operational systems taken down and disconnected during forensics and containment. As a result, several vessels decided to omit their calls, and the terminal declared force majeure. This suggests it may have been facing (or was concerned that it would face) severe legal consequences from the relevant stakeholders, such as importers, exporters and shipping lines.

Port of Houston breach

In a good example of cyber resilience, the Port of Houston reportedly contained a targeted cyberattack in August 2021, resulting in minimal damage.

From information that was shared, it appears that the incident occured when cybercriminals exploited a vulnerability in a password manager, to breach the port’s network. From there, they attempted to escalate the breach to gain access to other systems.

The Port of Houston’s IT team apparently detected the breach quickly, however, and took steps to mitigate it. No sensitive data was exposed and no systems were apparently disrupted, according to the port (which reported the attack about a month after it occurred and did not release details regarding how long cybercriminals were active or the exact extent of the breach).

CMA CGM data breach

CMA CGM, the French container shipping company, experienced an attack in September 2021 that exposed customer data.

The positive news was that the attack apparently only led to data leakage, and not to the disruption of any critical systems. The bad news is that the data that was breached included relatively sensitive information like customer names and contact information.

CMA CGM said that it detected the breach by monitoring its APIs. It’s unclear exactly what that entails, or how long it took the company to identify and contain the breach.

Swire Pacific Offshore breach

Swire Pacific Offshore, the Singapore-based shipping company, suffered “unauthorized access to its IT systems” in November 2021.

The company released very little information about the technical details of the event, but said it was working with cyber security experts to investigate and manage the incident. It also said that none of its operations were affected, a fact that implies that the breach was limited to data exposure.

Still, the company reported losing “sensitive proprietary commercial information,” suggesting that the data breach was serious.

Danaos Management Consultants attack

Software supply chain attacks – in which cybercriminals use vulnerabilities in software platforms to breach multiple targets at once – were a major challenge for industries of all types last year.

The maritime industry was no exception. Danaos Management Consultants, a consulting firm, suffered a supply chain breach in November 2021 that allowed cybercriminals to breach the IT networks for multiple shipping companies that did business with the firm.

The cybercriminals apparently aimed to encrypt victims’ data and hold it for ransom. Danaos said that only about ten percent of its customers were affected, however.

The attack is another reminder that cyber resilience planning needs to account for risks that originate in third-party systems, in addition to those that businesses manage in-house.


Hellmann Ransomware attack

At the beginning of December last year, Hellmann Worldwide Logistics were the target of a ransomware attack, which temporarily put a halt to their day-to-day operations. As a result of this attack, they were forced to remove all connections to their central data center, all of which had a significant impact on their business operations. 

The German giant, which runs logistics for air and sea freight, and rail and road transportation, confirmed that their data was accessed before they took themselves offline.    

Maritime cyber security trends

The trend in maritime cyber security is clear: Attacks are increasing in scope and frequency, and cybercriminals are getting better and better at escalating minor breaches into major security incidents. Whether they steal sensitive data, disrupt critical systems or both, businesses suffer major risks.

Unlike other industries, the maritime and logistics companies tend to provide very limited information about any attack, sharing as little as possible. Other sectors already understand that “sharing is caring”, increasing everyone’s resilience by virtue of discussing the experience. 

That’s why preparing your business for cyber resilience is more critical than ever. Not only should you take measures to prevent breaches, but you must also plan ahead to contain breaches – and use cyber drills to practice responses – in order to minimize the damage caused by the attacks that will inevitably occur. 

To learn how we can help with cyber resiliency planning:

Talk To Us


Recent Posts