Following a cyber-induced downtime over the weekend, four major ports in Australia, operated by Dubai-based DP World, resumed operations on Monday. This incident significantly impacted the country’s freight movement, responsible for about 40% of Australia’s trade, as highlighted by Clare O’Neil, the country’s cybersecurity and home affairs minister.
DP World’s media statement acknowledged the attack but refrained from specifying its nature, emphasizing an ongoing investigation probing potential data access and theft. Speculation surrounding ransomware surfaced, amplified by cyber-threat researcher Kevin Beaumont’s connection to the Citrix Bleed vulnerability. However, conflicting reports emerged, with a source close to DP World dismissing ransomware involvement, citing unauthorized access instead.
Casey Ellis, Bugcrowd’s founder, emphasized systemic vulnerabilities in critical infrastructure, including ports, due to legacy technology and a historical focus on availability over cybersecurity. To mitigate the attack, DP World shut down local systems during the weekend, causing a backlog of approximately 30,000 shipping containers at ports.
Despite the disruption, DP World clarified that while landside operations were affected, ship movements remained unaffected, alleviating some impact on the shipping industry. By late Sunday, normalcy returned to DP World Australia’s operations; however, national cybersecurity coordinator Darren Goldie cautioned against premature conclusions, highlighting ongoing remediation efforts and persistent supply chain concerns.