
Major DP World cyber attack reportedly caused by failure to fix ‘critical’ supply chain vulnerability


DP World, one of the country’s largest port terminal operators, recently suffered a major cyber attack. Reports now indicate it was allegedly caused by a failure to fix the critical CitrixBleed vulnerability, which allows cybercriminals to break into IT systems.

The attack, which occurred on 10th November, closed down four major Australian ports in Sydney, Brisbane, Melbourne and Fremantle, leaving around 30,000 shipping containers stranded and leading to panic that the knock-on effects of the disruption could continue for weeks.

Experts suggested that the shock to the supply chain could even increase inflation and force the Reserve Bank to raise interest rates for a fourteenth time if the shutdown continued for weeks rather than days.

At the time, DP World, which handles around 40% of Australia’s cargo, said: “Our teams are working diligently to contain the situation and determine the impact on our systems and data.

“To safeguard our employees, customers and our networks, we have restricted landside access to our Australian port operations while we continue our investigation.”

However, by 13th November, containers were starting to move out of the affected terminals. A number of factors are expected to cause further disruptions, but experts believe the impact on supply chains will be minimal.

While DP World has confirmed hackers stole data during a breach, it has not released specific details about the cyber attack or how it came about.

Reports suggest that cybersecurity analysts believe CitrixBleed (which is classed as critical by the Australian Cyber Security Centre) was the likely cause.

They also claim that devices on DP World’s network were not updated to remove the CitrixBleed vulnerability despite the patch being available for over a month before the attack.

The patch could have prevented the attack from occurring.

Matthew Remacle, detection engineering tech lead at GreyNoise Intelligence, told ABC News that the use of CitrixBleed to gain an initial foothold in the network is within the realm of possibility, adding that the process of updating the software and preventing this sort of attack “isn’t complex at all”.

He said: “The unfortunate reality is that patching the devices is quite easy and painless.”
