The Three Most Common Mining Industry Cyber Threats

The Three Most Common Mining Industry Cyber Threats

The mining industry is evolving rapidly, with digitization, automation and IoT devices fueling operational efficiencies. However, these advances come at a cost: an increasingly connected operating environment exponentially expands the threat surface. This makes mining operations more vulnerable to cyber threats, and more difficult to protect against attacks.

But what do cyberattacks on mining companies look like, and what can operators do to build cyber resiliency? Read on to learn about the three most common cyber threats facing the mining industry – and the steps they should take to deflect potential attacks.

The Perfect Cyber Threat Storm

For decades, mining companies relied on legacy industrial control systems (ICS) that kept them isolated (i.e., air gapped) from broader corporate IT systems. But with mounting pressure to improve profitability through operational efficiencies, organizations have embraced Industrial Internet of Things (IIoT) technologies. The integration of IIoT devices into control systems, and the subsequent connection of once-isolated operational systems with a mine’s entire enterprise network, leaves entire operations open to cyber threats.

And these threats are real. In fact, in a recent information security survey, 54% of mining and metals companies suffered a significant cyber security incident in the last year. Threat actors know that exploiting one weak spot in a mine operator’s IT system can often deliver access to the entire IT/OT network. Attackers are now taking advantage of the cyber security gaps present at many mines. It’s fair to say that the stakes are high: a successful attack can put mining operations, equipment, data and employees at risk. Even a single safety or environmental incident can impact revenue and significantly compromise market value.

For example, in March 2019, Norsk Hydro, one of the largest aluminum producers in the world, experienced a crippling cyberattack. It paralyzed the company’s computer networks, forcing it to isolate plants and switch some operations to manual. Altogether, the attack cost Norsk Hydro up to $70 million.

The High Cost of a Mining OT Cyber Security Incident

Cyberattack by the LockerGoga malware
In March 2019, one of the largest aluminum producers in the world experienced a crippling cyberattack by the LockerGoga malware. It paralyzed the company’s computer networks, forcing it to isolate plants and switch some operations to manual.

While many mine operators may feel unprepared to face this new reality, there are steps they can take to detect and protect against cyberattacks. Here’s what the mining industry needs to know about their likely threat sources.

Understanding Mining Industry Cyber Threats

How do mine operators anticipate cyber threats and protect themselves? The first step is understanding where threats come from, and rapidly identifying them when they occur.

Here are the top three most common threats observed in the mining industry:

1. Cyber Espionage

A recent cyber security report found that most mines are attacked for intelligence gathering. In fact, this was the motive for 96% of attackers.

Nation-state sponsored hackers and corporate interest groups view mining companies as treasure troves of data, and for good reason. Geological exploration research contains details on the location and value of natural deposits. Corporate strategy documents contain pricing information and the particulars on proprietary extraction and processing technology. The list goes on and on.

Insight into business strategies and mine value could be leveraged in M&A negotiations to lower the price of the acquisition target or outbid a competitor. Trade secrets and intellectual property (IP) can be used to reduce R&D costs and gain long-term competitive advantage.

Global mining company BHP Billiton found this to be true in 2011, when espionage campaigns launched by nation states and competitors targeted the company to gain access to market pricing for key commodities.

2. Phishing Attacks

Phishing campaigns, typically containing malware disguised as a link or attachment in an email, have grown more common in the mining industry. They are designed to trick a user into divulging confidential or personal information that can then be used for fraudulent purposes.

Nozomi Networks Labs
The Nozomi Networks Labs security research team investigates and shares information on phishing campaigns that target industrial organizations, like mine operators and critical infrastructure providers. .

Phishing campaigns increasingly target certain groups or individuals, such as senior executives, operations supervisors, control system supervisors, instrumentation technologists and equipment diagnostic leads. According to a cyber security report released in 2019, more than 38% of email users in the mining industry were hit with a malicious email in the last year.

The mining industry has already witnessed how devastating phishing attacks can be. The April 2016 attack on Canadian mining company Goldcorp resulted in the theft of over 14 gigabytes of corporate data. Additionally, a 2014 email phishing attack on a German steel mill resulted in “massive damage” to the plant’s production systems.

3. Third-party Access

Mining operations often rely on third-party vendors to provide support services, like equipment assembly and maintenance. However, suppliers may not follow the standard cyber security practices needed to protect an interconnected network.

For instance, if a vendor connects a malware-infected USB or laptop to the network, it can provide the entry point for malicious software to cross the IT/OT divide and compromise a mining company’s OT system. Vendors may also create system vulnerabilities by allowing weak login credentials on maintenance and other software programs.

Cyber threats that originate with third-party vendors can be either intentional or accidental. But, unless properly managed and audited, vendors’ access to internal systems puts production, equipment and corporate data at risk. Compound one weak point in the network with access by multiple vendors, and hackers could easily infiltrate the ICS environment.

Detecting and Mitigating Cyber Threats

While mining industry cyberattacks have not been widely covered in the news, industry reports show they are common, and increasing in frequency. To adequately prepare for a possible threat, mine operators must understand that integrated OT and IT systems open their network to more risk. It’s imperative to put the defenses in place to detect and manage cyber threats.

Nozomi Networks helps mine operators rapidly detect potential cyber threats in the industrial network. It delivers superior operational visibility, real-time network monitoring and threat detection in a single, unified visibility and cyber security solution. By considering both network connections and process state, it quickly detects system anomalies – both accidental and intentional – and prompts proactive responses to detected threats.

To learn more about how the Nozomi Networks solution can help proactively identify anomalies, and dramatically increase visibility and cyber resiliency for your mine’s ICS, download the industry brief available below.