The recent cyber attack on a major Australian ports operator that halted 40 per cent of the country’s shipping operations for a whole weekend was caused by Russian hackers who used a common Citrix vulnerability to bring DP World Australia to its knees, according to a frustrated trade union.
On Monday, the Maritime Union of Australia – which represents employees at DP (Dubai Ports) World Australia – placed the blame squarely on the port company’s management for what it described as “one of the gravest failures of corporate governance in recent history”.
According to the union, a Russian cyber crime group was behind the incident that caused DP World’s four Australian container terminals in Sydney, Brisbane, Melbourne, and Fremantle to shut down.
An estimated 30,000 shipping containers were left idle while the IT systems were brought safely back online.
A known Citrix vulnerability is understood to have been the attacker’s way into DP World’s systems.
“The software DP World uses has been exploited by Russian criminals in other parts of the world over several months,” Maritime Union of Australia assistant national secretary Adrian Evans said.
“Patches were available but not applied, so the company must be held responsible for this catastrophic failure and the massive sovereign risk in Australia’s supply chains it has exposed us to.”
A DP World spokesperson told Information Age that the company was still investigating the incident and did not confirm or deny whether attackers leveraged unpatched Citrix software.
“We have determined that some data was accessed and/or exfiltrated from our Australian corporate network,” the spokesperson said via email.
“We are undertaking a review of potentially impacted data as a priority. Given the ongoing forensic work required to assess impacted data, this review may take some time.
“There was no ransom demand.”
The Maritime Union of Australia fears the personal information of employees may have been taken by bad actors during the attack.
“Dubai Ports haven't answered one simple question,” Evans said. “How many workers’ records were accessed and what steps should these workers take to secure their information and their families’ financial security in the wake of this hack?”
The union wants to see DP World’s executives dragged in front of a parliamentary inquiry in the same fashion as outgoing Optus CEO Kelly Bayer Rosmarin. It is currently negotiating a new agreement with DP World.
In recent weeks, the government has been vocal about its expectation that businesses must keep their IT software updated to mitigate against avoidable attacks.
Less than a month ago, Home Affairs Minister Clare O’Neil specifically called out companies that were still being caught out by a Citrix vulnerability that had been remedied over a year ago.
“We’ve made great progress on cyber but we’re still seeing plenty of examples where basic hygiene isn’t being looked after,” she said at the time.
Last week, the Australian Signals Directorate published its latest Cyber Threat report which likewise lamented unpatched systems in a year when there had been a 23 per cent increase in the number of reported incidents.