A cyberattack on DP World, one of the world’s largest port operators, has caused significant disruptions at several major Australian ports. The attack exploited a prototype pollution vulnerability in Plist, a Node.js module for parsing and generating property list files. The vulnerability, identified as CVE-2022-22912, allows attackers to cause a denial of service (DoS) and may lead to remote code execution.
To prevent further damage and contain the spread of the malware, DP World disconnected its systems from the internet and shut down land operations at ports in Sydney, Melbourne, Fremantle and Brisbane. This has affected the movement of freight and the supply chain, causing delays and congestion for customers and suppliers. However, the company can still access sensitive freight at the ports, for instance, if it’s necessary due to a medical emergency, according to Darren Goldie, Australia’s national cyber security coordinator.
The Australian government is assisting the shipping giant in restoring operations. Goldie said that the government is working closely with DP World and other stakeholders to minimize the impact and ensure the continuity of essential services. He also said that the interruptions are likely to continue for a number of days, rather than weeks. He posted this information on Sunday on X, formerly Twitter.
DP World has not shared any information about the attack itself. While shutting systems down is often done in response to a ransomware attack, The Sydney Morning Herald learned from a source that this was not a ransomware attack. Ransomware is a type of malware that encrypts the victim’s data and demands a payment for the decryption key.
On the other hand, Kevin Beaumont, a reputable researcher, reported that it was in fact a ransomware attack and the threat actor leveraged CVE-2022-22912 for initial access. He said that he found evidence of the attack on a public malware repository and that the ransomware used was a variant of REvil, also known as Sodinokibi.
The attack on DP World is the latest in a series of cyberattacks targeting critical infrastructure and supply chains around the world. These attacks have raised concerns about the vulnerability of the global economy and the need for stronger cybersecurity measures and cooperation. Experts have warned that cyberattacks could pose a serious threat to national security, public safety and economic stability. They have also urged governments and businesses to invest more in cybersecurity, to adopt best practices and standards, and to share information and intelligence to prevent and respond to cyberattacks.