September 30, 2020 General 299

Latest 29.09 Customer Advisory Global Update - CMA CGM Group

The CMA CGM Group is currently dealing with a cyber-attack. We have decided to temporarily suspend all access to our eCommerce websites to protect our customers. Our teams are fully mobilized and access to our information systems is gradually resuming.

All communications to and from the CMA CGM Group are secure, including emails, transmitted files and electronic data interchange (EDI) interfaces.

Maritime and port activities are fully operational.

Regarding your bookings:

    1. All bookings confirmed before Sunday, September 27th 3.00 pm (CEST) are secured and will be attended to.
    2. For new bookings after this date:
      • If you use a direct EDI connection or a platform such as INTTRA / GT Nexus / CargoSmart: please continue to follow the usual process.
      • If you use the CMA CGM Group’s eCommerce platforms, we offer you the following 2 alternatives to place your bookings.

It appears to be a lot deeper trouble than it seemed. There is no ‘restoration’ of system to original state, in sight. What has made me curious, ‘Ragnar Locker’ attack works on Windows machines only, Did it only effect their IT team’s workstations, or may god-forbid they run their web server on ‘Windows’ too, If they are restored I will tried to find it out, or maybe, it’s their LAN Windows server that got effected.

Few Lessons:

  1. Always use Linux or Mac OSX especially for your IT teams, Windows being the most popular OS, is a lot more vulnerable to hacking than any other Operating system.[2]
  2. I have not used ASP dot net, But I think it can run on any web server operating system (Linux), avoid Windows Server. EVEN if you have to use ASP over ROR etc. [1]

[1] You can use Mono to run ASP.NET applications on Apache/Linux, however it has a limited subset of what you can do under Windows. As for “they” saying Windows is more vulnerable to attack – it’s not true. IIS has had less security problems over the last couple of years that Apache, but in either case it’s all down to the administration of the boxes – both OSes can be easily secured. These days the attack points are not the OS or web server software, but the applications themselves. (StackOverflow)

[2] Windows I am not implying is ‘less’ secure, it is just too much vulnerable due to its market share.

TRON® is the leading and versatile freight forwarder in Pakistan, providing complete door to door coverage in Pakistan, North America, Europe, and Asia through our network of partner offices. Learn More.