NewsBite

Advertisement

This was published 1 year ago

Cyberattack threatens to spark Christmas goods shortage

By Colin Kruger, David Swan and Shane Wright

Australia’s biggest ports operator is unable to say when it will recover from a cyberattack that has brought its operations to a halt, stoking concerns about shortages of everything from medical supplies to Christmas toys.

DP World, which manages 40 per cent of Australia’s container shipments through terminals in Sydney, Melbourne, Brisbane and Fremantle, said on Sunday it was in talks with rival operators to get freight moving at the ports while it worked to restore its operations following the attack on Friday.

DP World has been forced to shut its port operations around Australia following Friday’s cyber incident.

DP World has been forced to shut its port operations around Australia following Friday’s cyber incident. Credit: Wolter Peeters

The company could not provide an estimate of how long it would take to recover from the cyberattack, but experts predict it could take weeks, prompting price rises and adding to inflationary pressure.

AMP chief economist Shane Oliver said a lengthy disruption to UAE-owned DP World’s operations could ripple through the broader economy and help trigger another interest rate rise.

He said the attack on DP World, and its inability to move freight in or out of its ports, constituted a supply shock, and a prolonged closure could push up prices of goods, which in turn would force the Reserve Bank to consider a further interest rate rise at its meeting in December.

“It goes to the nature of the supply shock here, and this could have an impact on the prices, and inflation rate, of goods, which has been coming down. If this stops that, or it pushes up prices, then the Reserve Bank could be looking at it at their December meeting,” he said.

However, senior Westpac economist Justin Smirk said the Reserve Bank was starting to take disruptive events such as cyberattacks on supply chain infrastructure into account.

“The bank knows these sorts of things can occur. The Reserve would have worked through how this would play out, so I think they’d look through it,” he said.

Paul Zalai, head of the Freight & Trade Alliance, which represents Australian importers and exporters and is well placed to understand the impact of the DP shutdown, warned a lengthy disruption to operations would leave goods sitting at ports instead of hitting the shelves.

Advertisement

“An ongoing delay is going to have a significant impact on all import and export containerised trade,” he said.

Shipping containers are typically used to carry household goods, furniture, electronics and toys that are then trucked to distribution centres and onto retailers.

“This incident does not discriminate. All imported containerised cargo will be impacted, which could potentially range from medical supplies through to toys for Christmas. The full impacts will be known in coming days in terms of the nature of goods stuck in the thousands of containers sitting idle at DP World’s terminals nationally,” Zalai said.

However, online shoppers are likely to escape the worst of any disruption — most e-commerce retailers use air freight for delivery.

Loading

Grocery giant Woolworths said it was keeping a close eye on the issue, with most of its festive-season stock onshore.

“We’re monitoring the situation. However, we don’t anticipate any immediate impacts at this time,” a spokeswoman said.

Endeavour Group, which operates liquor giant Dan Murphy’s, declined to comment. Wesfarmers, which operates Target, Kmart and Bunnings, was approached for comment.

The Australian Federal Police has confirmed it is investigating the incident, which cyber experts believe to be a ransomware attack.

“As the matter is ongoing, it would not be appropriate to comment,” the AFP said.

Late on Saturday, National Cyber Security Co-ordinator Darren Goldie indicated there would not be a quick fix for the incident.

“This interruption is likely to continue for a number of days and will impact the movement of goods into and out of the country. DP World Australia is working with its stakeholders to consider the impacts on its operations at specific ports,” he said.

On Sunday, Home Affairs and Cybersecurity Minister Clare O’Neil described the hack as serious and ongoing.

“This incident is a reminder of the serious risk that cyberattacks pose to our country, and to vital infrastructure we all rely on,” she said.

Home Affairs and Cyber Security Minister Clare O’Neil says the DP World hack is a serious incident.

Home Affairs and Cyber Security Minister Clare O’Neil says the DP World hack is a serious incident.Credit: Oscar Colman

Cybersecurity researcher Troy Hunt, the founder of data breach tracker Have I Been Pwned, said disruptions to Australian consumers could last weeks and affect Christmas deliveries.

“If you think back to COVID, look at the sheer number of things that got disrupted just because bits and pieces couldn’t get delivered,” Hunt told this masthead. “It depends on what’s actually been done here as well; have [DP World’s] internal systems been trashed?”

He pointed to preliminary research from cybersecurity veteran Kevin Beaumont that found DP World had probably fallen victim to a ransomware attack made possible by a vulnerability in Citrix NetScaler software.

Hunt said ransomware groups were now far more professional than they used to be, running websites listing every victim along with a countdown timer showing how much longer they had to pay up.

“There’s … a financial motive for this sort of stuff,” he said. “Of course, we’ve seen this in Australia recently with the Medibank situation, we’re seeing this more and more.

“If you have a spin through some of the dark web ransomware websites, it’s just stunning the number of organisations that are listed on there.”

The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.

Most Viewed in Business

Loading

Original URL: https://www.theage.com.au/link/follow-20170101-p5ejcm