Collateral Damage Case Study – Maersk

Maersk is a shipping company, responsible for around one fifth of the world’s cargo shipping, and carrying cargo throughout the world in its millions of tons. In 2017, Maersk, the shipping giant, became collateral damage of a nation state cyber attack. 

Russian nation state hackers were aiming their attacks at Ukraine, using the malware NotPetya sent through emails which when opened, led to the infection of banks, airports and energy companies throughout the country. Although Ukraine was the target of these attacks, the malware affected many others outside of the country’s borders. 

Maersk was one of many organisations caught up in the attack, with computers across their company infected by the NotPetya malware. On 27th June 2017, computers throughout Maersk were shut down, access gates were locked, and phones stopped working. The company’s port terminals ground to a halt and its ships stood stagnant at sea. The attackers had ensured that systems could be hacked, accessed and infected, and in the case of Maersk, this cost the company millions of dollars. 

With nation state attacks being so sophisticated and impactful, the results were disastrous not only for Russia’s target victims, but for those affected as collateral damage too. Although not a target, Maersk, among others, was affected extremely, illustrating how seriously collateral damage should be taken as a risk to security.