Operations at Japan’s Port of Nagoya resume, after probable LockBit ransomware attack
The Port of Nagoya, Japan’s largest and busiest port, has been targeted by ransomware, affecting container terminal operations. The port handles over two million containers and 165 million cargo tonnage annually, including operations of Toyota Motor Corporation for car exports. The port operator said Wednesday that it suspects a cyberattack.
Kyodo News reported Thursday that container movements at Japan’s busiest cargo port fully restarted Thursday evening, a Nagoya port association said, after an attack by Russia-based hackers on its computer system caused disruptions for two and a half days.
The Port of Nagoya had initially planned to resume operations on Thursday morning. Quoting the Nagoya Harbor Transportation Association, Kyodo said that the repair work on the computer system infected with the virus took longer than scheduled.
The hacker group, LockBit 3.0, demanded a ransom for returning control of the system, according to the association.
The association said it has not been in contact with LockBit 3.0, nor has it paid any ransom.
On Wednesday, Kyodo said that a hacker group based in Russia has attacked the Port of Nagoya. “The group, LockBit 3.0, has made a ransom demand in exchange for the system’s recovery, Nagoya Harbor Transportation Association said, while police have launched an investigation,” it added.
A message indicating that the computer system had been infected with ransomware was somehow sent to a printer, a source familiar with the case said.
“Today, the administrative authority of the Port of Nagoya has issued a notice about a malfunction in the ‘Nagoya Port Unified Terminal System’ (NUTS) — the central system controlling all container terminals in the port,” Bleeping Computer reported Wednesday. “According to the notice, the problem was caused by a ransomware attack that occurred on July 4, 2023, around 06:30 AM local time.”
“Upon investigating the cause, we held a meeting with the Nagoya Port Operation Association Terminal Committee, who operates the system, and the Aichi Prefectural Police Headquarters [and] it was discovered that the issue was a ransomware infection.” — Nagoya Port (machine translated)
The port authority is working to restore the NUTS system by 6 PM today and plans to resume operations by 08:30 AM tomorrow. Until then, all container loading and unloading operations at the terminals using trailers have been canceled, causing massive financial losses to the port and severe disruption to the circulation of goods to and from Japan.
Nikkei reported that “As of noon, the port in central Japan remained unable to load and unload containers from trailers. Police have launched an investigation, saying the operator has received a ransom demand in exchange for the recovery of its system.”
The system failure occurred Tuesday morning when an employee could not start a computer, according to Nagoya Port Authority, according to the Nikkei report. “A message indicating that the computer system had been infected with ransomware was somehow sent to a printer, a source familiar with the case said.”
Toyota said that it cannot load or unload auto parts due to the glitch. But the company added that there has been no disruption to its production so far, and the logistics of finished vehicles remain unaffected because it is managed using a different computer system.
“We will closely monitor any impact on production while carefully examining the parts inventory,” Toyota said. Its suppliers, including Denso Corp., Aisin Corp., and Toyota Industries Corp., have also secured a certain amount of inventory and will only have limited exposure to system failure.
Ron Fabela, field CTO at XONA Systems, has previously said that ports and maritime operations have unique attributes attractive to threats – global footprint, high frequency of contact, and an amplified impact of loss make a cyber attack a critical consideration. “During the NotPetya attack in 2017, the world learned that ports do not need to be specifically targeted to be greatly impacted. Maersk reported losses of up to 300 million dollars. For industrial control systems, specifically ports and maritime, drive-by ransomware events will continue as we move into 2023,” he added.
“The impact of cyber attacks on ports has a downstream effect on numerous critical infrastructures and ways of life for people,” according to Fabela. “Pandemic results on ports further proved how prolonged capability degradation can have far-reaching consequences; cyber attacks will be similar but with more unknowns and increased velocity. As cyber threats become more knowledgeable about industrial operations, ports could be seen as a lucrative target, so preparation, planning, and visibility will be key components to healthy cyber defense programs.”
Mike Hamilton, CISO of Critical Insight said that as the sector-specific agency for maritime ports, the Coast Guard will likely require cyber assessments as part of the biannual Facility Security Plan (FSP) that has always been required. “He said that the cybersecurity rural water systems act of 2023 bill appears to be attempting to cover the fiscal gap created by the new mandates from the EPA to perform a cybersecurity assessment as part of their periodic sanitary survey, similar to mandating that maritime ports must perform a similar evaluation as part of the FSP,” he added.
Craig Jones, vice president of security operations at Ontinue, wrote in an emailed statement that the incident at the Port of Nagoya highlights the serious vulnerabilities that critical infrastructure faces in the digital age. “Ransomware attacks are a growing concern for both private corporations and public entities, and this case underscores the potential for significant disruption to essential services and supply chains. It’s clear that such attacks not only pose security risks but also can have considerable economic impacts,” he added.
Jones added that the incident serves as a stark reminder of the importance of cybersecurity measures for critical infrastructure, particularly those in the logistics and transport sectors. “It’s essential that organizations continue to prioritize investment in cybersecurity defenses, training, and response plans. Additionally, international cooperation to fight against such cybercrimes is of utmost importance. It’s a significant issue that needs collective attention and effort.”
“Ransomware attacks have a far-reaching effect, particularly when a major part of the global supply chain is targeted. The latest victim is the Port of Nagoya in Japan which handles a large amount of Japan’s trade,” Joseph Carson, chief security scientist and Advisory CISO at Delinea, wrote in an emailed statement. “Although the recent Verizon DBIR report shows that ransomware incidents held steady in the past year, they are devastating to the victims when they occur. Hopefully, cybersecurity best practices are in place for resiliency, and the Port of Nagoya will recover quickly without having to negotiate with the cybercriminals.”
Organizations often become victims of cybercrime and ransomware if secrets are not managed correctly and secured with solutions, such as privileged access management (PAM) solutions, according to Carson. “These solutions help protect secrets and enhance security by storing them within a secure vault and enforcing additional security controls such as multi-factor authentication (MFA), access workflows, session management and recording, automated key rotation, and privilege behavior analytics and auditing.”
Darren Guccione, CEO and co-founder at Keeper Security said that industry experts and government agencies advise organizations not to pay out in a ransomware attack, however, it’s a difficult decision because the organization risks losing sensitive information, access to critical files, and the entire network infrastructure they need to operate their business.
“Unfortunately, for some organizations and their customers, the attackers could be holding onto sensitive personal information, and paying the ransom is no guarantee that information won’t be sold anyway. Along with the immediate financial burden, recovering from a loss of that nature can be time-consuming and lead to reputational and operational damages,” Guccione pointed out. “Organizations also need to consider the legal implications of paying the ransom and the cost of preventing further attacks now that bad actors know they’re willing to pay. The most cost-effective method for dealing with a cyberattack is by investing in prevention with a zero-trust and zero-knowledge cybersecurity architecture that will limit if not altogether prevent, a bad actor’s access.”
James McQuiggan, KnowBe4’s security awareness advocate said that the evolving, persistent threat of ransomware attacks emphasizes the continued need for organizations to implement a proactive and comprehensive approach to cybersecurity. “As organizations increase the interconnectivity of critical systems and the potential implications of disruptions, it becomes clear that relying solely on reactive measures is no longer sufficient. Businesses and governments must stay ahead of cybercriminals by investing in advanced threat detection technologies, regularly assessing vulnerabilities, and fostering a solid cybersecurity culture within their organizations,” he added.
The Cyberspace Solarium Commission has released a report on cyberattacks targeting the maritime transportation system (MTS) and recommended U.S. Congress to better resource cybersecurity. The report calls for increased resources for the Coast Guard, an OT (operational technology) testbed, and participation in grant programs to mitigate MTS cyber risk. It also calls for cybersecurity education and workforce programs.
In May, the U.S. House Committee on Homeland Security held a hearing last week on port security vulnerabilities, in which members highlighted high-risk threats posed to U.S. maritime ports by cyber criminals and their adversaries. In the hearing, the Subcommittee heard testimony from the U.S. Coast Guard, the Cybersecurity and Infrastructure Security Agency (CISA), and the Transportation Security Administration (TSA). Before that, the committee sought answers from the Department of Homeland Security (DHS) on the cybersecurity threats posed to business, military, and industrial operations by Chinese-manufactured cranes operating at U.S. maritime ports.
In the wake of the rising threat levels to the maritime sector, the U.K. government released last year the National Strategy for Maritime Security which enhances capabilities in technology, innovation, and cybersecurity. Among other objectives, the five-year strategy seeks to support the maritime sector to be resilient against cyber attacks and other threats, with a focus on building resilient systems and networks to protect data.
Related
