MSC sites down; carrier not ruling out cyberattack
Date: Monday, April 13, 2020
Source: American Shipper
In a world where almost everyone works from home and communicates digitally, one of the worst things that can happen is for the company website to go down. The websites of Mediterranean Shipping Co. (MSC) — the second-largest container-shipping liner company in the world — went offline early Friday morning.
There are unconfirmed reports that MSC was the target of a cyberattack. In response to queries from FreightWaves, a company spokesperson replied, “Security is our top priority. While we do not rule out the possibility of malware, we have decided to close down our servers in our headquarters as a first safety measure.”
The spokesperson said the MSC network outage is in one of MSC’s data centers in Geneva, “which affects the availability of some of our digital tools such as msc.com and myMSC.”
MyMSC is the company’s e-business platform, which allows customers to place, manage and track container shipments. The platform’s importance was emphasized in an open letter on the COVID-19 crisis posted by MSC CEO Diego Aponte on Monday. “Already, many of our customers use our online booking platform myMSC and we are actively prioritizing upgrades to this e-business solution,” he wrote.
The spokesperson told FreightWaves, “We’re working towards a full recovery in the shortest time possible” and stressed that MSC’s agency network was still operational and available to help customers.
“Our agencies’ worldwide network is working. Our local agents support customers for all services as usual,” said the spokesperson.
On Saturday, MSC provided an update: It confirmed that the problem was restricted to Geneva and that all non-headquarters departments, terminals and depots remained unaffected. Although customers cannot book through myMSC, they can continue to do so by phone or email, or through other booking platforms such as INTTRA and GT Nexus.
On Monday morning, MSC asserted, “We are confident the issue will be solved shortly.”
World’s second largest liner
MSC is a partner with Maersk in the 2M Alliance, the world’s largest container-shipping alliance in the mainline east-west trades.
Copenhagen-based Maersk, the world’s largest liner company, said in its annual report that it operated a total of 710 vessels with a capacity of 4.1 million twenty-foot equivalent units (TEU).
Geneva-based MSC, which is privately held, is in second place. It disclosed to FreightWaves in November that it had 520 ships, not including newbuildings; Maersk estimated that the average ship in MSC’s fleet was 6,759 TEU. This would put MSC’s fleet at 3.5 million TEU, not including newbuildings. Alphaliner estimated that MSC’s fleet size including newbuildings was 3.8 million TEU.
In the wake of the coronavirus outbreak, the 2M Alliance has canceled a large number of its April and May sailings from Asia to Europe and from Asia to the U.S. On Thursday, 2M suspended its 5,220-TEU-per-week trans-Atlantic service.
In addition to its prodigious cargo operations, MSC is the world’s fourth-largest cruise company after Carnival Corp., Royal Caribbean, and NCL Holding. The coronavirus has decimated the cruise industry.
In a client note published on March 26, Stifel analyst Ben Nolan wrote, “If the coronavirus drives the global economy into serious recession or depression … companies at risk could potentially include privately held MSC, which is the second largest liner company with 16% market share and also a very large cruise operation — which you imagine has seen better days.”
Prior container-shipping cyberattack
If it does turn out that the MSC outage was due to malware, it won’t be the first time the container-shipping industry has faced this issue.
Maersk was severly hit by the so-called NotPetya attack in June 2017. The ransomware was believed to have targeted Ukrainian businesses; Maersk was caught in the crossfire and was forced to reinstall 2,500 applications, 4,000 servers and 45,000 PCs over a 10-day period, with disruptions causing a 20% drop in volume. Maersk said in its 2017 annual report that the attack cost the company $250 million-$300 million.
The financial fallout was so extreme because the NotPetya malware made its way into Maersk systems across the globe. As of Saturday, that was not the case for MSC. Regardless of the cause of the outage, financial and operational consequences would be minimal if the issue remained contained in Geneva.