Cyberattack affects Port of London website

The Port of London Authority maintains the integrity of the Thames from Teddington Lock to the North Sea

Image:
The Port of London Authority maintains the integrity of the Thames from Teddington Lock to the North Sea

A suspected Iranian group has launched a DDoS attack against the Port of London's website and boasted about it on Telegram.

The group, known as ALtahrea, launched the attack - spotted by Check Point Research - on Monday night and claimed responsibility on Telegram.

The Port of London Authority is a public trust responsible for maintaining and supervising navigation up and down the Thames Tideway, from Teddington Lock to the Kent/Essex Strait where the river reaches the North Sea. It is also in charge of protecting the river's environment.

ALtahrea is known to be politically motivated, with pro-Iranian tendencies. Its members have previously launched attacks against Israeli targets like the Jpost and Israeli Port Authority, as well as threatening the Nasdaq:

It is suspected that either Iran directly operates the group itself, or it is staffed by Iraqi citizens that support Iran.

The group tends to use DDoS attacks, which draw attention but cause little damage overall - another factor suggesting political motivations.

The attack took down the Port of London's website, although it is back up and running now. The PLA's operational systems were unaffected.

Dr Kemedi Moara-Nkwe, a research fellow in the Maritime Cyber Threats Research Group at the University of Plymouth, said the attack provides "yet more evidence that organised attackers who wish to cause maximal disruption are increasingly looking at maritime ports and vessels as primary targets for their attacks."

He continued, "It is therefore critical for any major port which may be facing disruption to any of its services due to a cyber-attack to act quickly to mitigate the potential impacts that the attack may cause on its own operations, other stakeholders in the supply chain and the maritime sector as a whole. This should involve, among other things, engaging the National Cyber Security Centre (NCSC) - which acts as the UK's designated computer system incident response team (CSIRT) for the UK's critical industries. The NCSC can then, if they deem appropriate, act to both assist the port in the attack recovery process and also act to warn other UK ports of potential risks of this attack spilling over to them. If the port authority has officially been designated as a provider of an essential service or an operator of critical infrastructure, then the Network and Information Systems (NIS) incident reporting regulations compel the port to undertake the above action."