DP World Cyberattack
November 2023 by Yossi Rachman, Director of Security Research, Semperis
Commentary from Yossi Rachman, Director of Security Research, Semperis
The recent cyberattack on DP World will catch the attention of every retailer given the proximity to the start of the Christmas shopping season. While specific details of this hack are scant and the investigation is ongoing, DP World took the precautionary step of disconnecting its network to limit potential damage, which left the company unable to import or export thousands of containers over the past several days. Today, they are still not operating at full capacity and that means massive revenue losses.
Cyberattacks against port authorities aren’t new and cyber criminals are fully aware of the disruptions that attacks cause. In fact, during this time of year, hackers will be attacking retailers and their suppliers with fury because, according to the National Retail Federation, holiday shopping revenues are expected to top $957 billion in the U.S. alone. Criminals also know that more retailers are likely to pay a ransom during the busy season because they cannot afford any downtime.
It is essential for retailers to know what their critical systems are (including infrastructure such as Active Directory) before attacks occur. If any retailer hasn’t taken this necessary step, it is too late for the 2023 holiday season, but that doesn’t mean they can’t start preparing now for 2024. Tabletop exercises that simulate critical systems’ recovery before an incident occurs are important. By preparing in advance, defenders can make their organisations so difficult to compromise that hackers will look for softer targets.
Companies should also monitor for unauthorised changes occurring in their Active Directory environment, which threat actors use in most attacks, and have real-time visibility into changes to elevated network accounts and groups. In addition, roll out security awareness training to all employees in 2024, as the weakest link in an organisation’s ecosystem is employees who unsuspectingly click on malicious links.