The International Maritime Organisation (IMO) has become the latest international shipping organisation to be targeted by a cyberattack.
It said a number of its web-based services became unavailable on Wednesday 30 September, including the IMO public website and other web-based services, although it said the IMO’s internal and external email systems continued to function.
It added: “The interruption of web-based services was caused by a sophisticated cyber-attack against the organization’s IT systems that overcame robust security measures in place.”
It said the IMO headquarters file servers are located in the UK, with extensive backup systems in Geneva, noting that the backup and restore system was “regularly tested”. Following the attack, the IMO secretariat shut down key systems to prevent further damage from the attack.
The IMO said it was working with UN International Computing Centre (UN ICC) and security experts to restore systems as soon as possible, to identify the source of the attack, and further enhance security systems to prevent recurrence.
Since yesterday, service has been restored to the GISIS database; IMODOCS; and Virtual Publications. For security reasons, these systems were not available for a few hours early this morning but they are now back up and running, the IMO said. It said service will be restored to other web-based services as soon as possible and as safe as possible.
The organisation commented: “The Secretariat takes its responsibilities for cyber risk management and information security management extremely seriously and has acted immediately to address the cyberattack and to implement measures to ensure the risk of recurrence is minimised.”
The attack comes days after global container shipping group CMA CGM suffered a cyber attack in which data is believed to have been accessed.
CMA CGM said it is working to reinstate its full online booking capabilities following the cyberattack at the weekend that forced it to temporarily suspend access to its in-house e-booking systems. However, the company revealed to Lloyd’s Loading List that it suspects there has been a data breach due to the cyberattack.
A spokesperson for the company told Lloyd’s Loading List: “The CMA CGM Group continues to be fully mobilised to restore all its information systems. The back-offices (Shared Services Centres) are gradually being reconnected to the network thus improving the booking and documentation processing times.
“We suspect a data breach and are doing everything possible to assess its potential volume and nature. Our technical teams, alongside independent experts, are continuing the investigation. Updates will be provided regularly as the situation evolves.”
It was unclear at the time of writing the extent of the suspected data breach and whether confidential customer information has been compromised.
The company has previously stressed that its maritime and port activities “are functioning as per usual”, and that all communications to and from the CMA CGM Group “are secure, including emails, transmitted files and electronic data interchange (EDI)”.
However, it had temporarily suspended all access to its “eCommerce websites” to protect its customers, and these are understood to still be unavailable.