The Cyber Attack That's Never Been Officially Announced

We know the Chinese play by their own rules when it comes to cyber attacks. Apparently, that extends to breach notification, as well.

Chinese state-owned shipping giant COSCO never mentioned a cyber attack when it broke the news that there was a problem this week.

"Due to local network breakdown within our America regions, local email and network telephone cannot work properly at the moment."

But it wasn't long until the Journal of Commerce reported the company had actually been hit with a cyber attack, as you see in this tweet:

Next, The Long Beach Press-Telegram confirmed with a company spokesperson that a ransomware attack was the "network breakdown" and the company's website and toll free number were down.

And there is more.

COSCO has now issued three updates on the situation, but has never mentioned the words cyber attack or ransomware in any of them.

But it almost did.

This morning's update says the following: "After the network security problem in the Americas has been detected, to protect the interests of our customers, we have taken proactive measures to isolate internal networks to carry out technical inspections on global scale."

Did you catch that? The company switched from "network breakdown" to "network security problem." The company also says this: "We have started contingency plans, such as transfer of operations and conducting operation via remote access...."

Those plans include setting up a long list of Yahoo and Gmail email accounts and addresses for COSCO customers to communicate with the company. We're talking dozens of these accounts.  

That complete list of addresses was published July 26, 2018, in an FAQ. Hopefully, hackers don't take advantage of that free information that could be used to phish the company or its customers.

Here is what we also learned in the FAQ under the heading "Network Problem."

• By Americas, COSCO means the following: "The network failures affected areas include the United States, Canada, Panama, Argentina, Brazil, Peru, Chile and Uruguay."
• These are the impacted networks: "Email systems in US, Canada, Panama and Peru are temporarily unavailable. Internet phone systems in US, Canada, and Panama are temporarily shut down."
• This cyber incident is not impacting ships. "All the vessels of our company are operating as normal."

Is it possible the company meant to announce a cyber attack or ransomware attack but the news was lost in translation? 

Perhaps.

The latest update says this: "... and we are expecting your kind understanding."

Not exactly how most companies would have worded it.