Blog: Maritime Cyber Security

COSCO incident. Phishing frenzy and exploding goods?

Ken Munro 03 Aug 2018

If you haven’t seen the coverage, COSCO the world’s 4th largest shipping line has had a ransomware outbreak.

Sounds terribly familiar, doesn’t it. One wonders why on earth they didn’t carry out a thorough review after the Maersk incident, so as to be rather better prepared.

Phishing time

Breaches are a great time for scammers and hackers to take advantage. A common technique is to distract an organisaion with a denial of service or ransomware attack, whilst hacking other parts of the network elsewhere.

COSCO published a series of temporary Yahoo! mailboxes for shipping instructions and other essential data.

Something like 40 temporary mailboxes were set up. All with complex addresses, e.g. [email protected], that would be very easy to create similar clones. Would you spot [email protected] or [email protected] for example? The first example uses the capital ‘i’ rather than the letter ‘L’.

There are several addresses that involve billing instructions. A hacker with a little knowledge of shipping payment systems could take full advantage of the confusion of email addresses.

Indeed, there have been plenty of examples of invoice fraud around bunkering payments in shipping, even without the additional confusion of a network outage at a major organisation.

Hackers exploit confusion, often to great financial success.

It’s a time to be extra viligant, so ensure anyone in your organisation who deals with COSCO is well trained to spot scams.

HAZ and OOG codes

COSCO put a temporary ban on hazardous and out-of-gauge container shipments. I would speculate that this was owing to the additional processing requirements of HAZ and OOG shipments. Possibly involving processing systems that were unavailable as a result of the ransomware outbreak.

I’ve blogged previously about the potential to manipulate HAZ goods codes but I wonder if the incident has created a perverse incentive to cover up hazardous shipments?

Scenario: you need to ship some hazardous goods urgently. Your client is screaming at you to make it happen. You try to book the shipment, but your shipper’s systems are down and can’t accept HAZ materials.

What do you do? Try to find another shipper? Or do you remove the HAZ code, book the shipment and hope? It’s not THAT hazardous, after all…. you think.

You’re undoubtedly liable in the event of an incident, but I suspect that undeclared hazardous materials will be shipped as a result of the COSCO incident.

Not a pleasant thought.


Please, go audit your IT systems to make sure they’re up to date and well patched. Do you want to be the next Maersk / COSCO?