Mærsk is kind of a bad example, because they made real security mitigations afterwards.[0] I cannot speak to whether they whitelist applications, but neither can you.

[0] https://www.csoonline.com/article/567845/rebuilding-after-no...