[BreachExchange] UN Shipping Agency Forced Offline After Cyber-Attack

Destry Winant destry at riskbasedsecurity.com
Mon Oct 5 11:03:05 EDT 2020


https://www.infosecurity-magazine.com/news/un-shipping-agency-offline/

The United Nations agency for international shipping came under
cyber-attack at the end of last week, forcing a number of services
offline, it has emerged.

Headquartered in London, the International Maritime Organization (IMO)
is responsible for the regulation, safety and security of global
shipping.

However, it revealed in a tweet last Wednesday that its website was
“undergoing some technical issues.” It admitted a day later that these
had actually been caused by malicious actors.

In a longer announcement on Friday recapping the incident, the IMO
said its Global Integrated Shipping Information Systems (GISIS)
database, document repository IMODOCS, and its Virtual Publications
service had been affected by the attack but were now restored.

However, at the time of writing, Virtual Publications appeared to
still be offline.

The IMO said restoration of the other unnamed services affected by the
attack would take place “as soon as possible and as safe as possible.”

“The interruption of web-based services was caused by a sophisticated
cyber-attack against the organization’s IT systems that overcame
robust security measures in place. IMO has ISO/IEC 27001:2013
certification for its information security management system. IMO was
the first UN organization to get this certification in 2015,” the IMO
explained.

“The IMO headquarters file servers are located in the UK, with
extensive backup systems in Geneva. The backup and restore system is
regularly tested. Following the attack the secretariat shut down key
systems to prevent further damage from the attack.”

The organization’s email and virtual meeting platforms were unaffected
by the incident, it added.

The incident sounds like a ransomware attack: just last week it was
revealed that French shipping giant CMA CGM suffered such an outage
after a breach at its Chinese offices impacted the availability of
some servers and applications.


More information about the BreachExchange mailing list