The mining industry encompasses organizations focused on the exploration for and extraction of valuable minerals and other elements from the Earth. Given the critical need to provide these minerals to a wide variety of downstream manufacturers and suppliers, mining firms are a significant target for ransomware attacks.
Whether by disrupting mining operations or interfering with time-sensitive supply chains for producers of such items as industrial equipment, lithium batteries and more, threat actors believe ransomware can result in large payouts in the mining sector. This article looks at the state of ransomware in mining and highlights some recent attacks.
Ransomware in Mining Overview
The global mining industry was valued at about $1.64 trillion in 2020 and is forecast to grow to $2.43 trillion by 2025. Asia accounts for most of the mining revenue, at about 71% of the global total. In recent years, companies in the mining industry have embraced new technologies that allow for automated extraction and movement of materials, as well as Industrial Control Systems technologies that monitor mining sites and send that data back to company headquarters in real time. This explosion of technology, the high value of the minerals extracted, the need to communicate with remote locations and the significant negative impact on the global economy should anything go wrong make this industry a focus of threat actors.
Ransomware Incidents in Mining
Gyrodata, January 2021
Gyrodata is a US-based company that supplies drilling tools to oil companies around the globe as part of their respective exploration and extraction activities. Media reports state that threat actors were able to access Gyrodata’s IT systems in mid-January 2021 and remained in the environment until late February 2021. Gyrodata reported the attack in a public announcement in April 2021, stating that a large amount of its employees’ personal data was compromised. This data included employee social security numbers, names, addresses, passport details, W-2 tax forms and more. The company stated that its servers were hit by file-encrypting malware from the ransomware group known as REvil. It is not known whether Gyrodata paid a ransom to regain access to its data.
Rio Tinto Group, BHP Billiton Ltd and Fortescue Metals Group, April 2010
Media reports stated that Chinese threat actors attacked these three firms with the intention of stealing intellectual property. It is believed the threat actors wanted to acquire the information in order to conduct corporate espionage operations.
BHP Billiton, February 2011
A second large attack on the company took place less than a year after the first one and was again believed to be conducted by threat actors operating from China. The CEO of BHP Billiton stated that he believed the attack was conducted so that certain nation states and competitors of the company could gain access to pricing details for a select number of commodities.
Australian Federal Parliament, April 2011
Chinese hackers gained access to a number of email accounts of Australian Federal Parliament officials operating in China. These emails were believed to contain conversations between the federal officials and executives at several of Australia’s leading mining companies with operations in China.
Thwarting Ransomware Attacks in Mining
From operational disruptions to stealing sensitive data, ransomware attacks in the mining industry highlight the risks for all businesses in this industry. Stopping ransomware in its tracks helps to avoid costly recovery and containment measures. Here are some actions mining companies can take today to thwart ransomware attacks.
Use Anti-Phishing Defenses
Phishing campaigns are a popular vector for threat actors to gain access to a company’s IT infrastructure. By impersonating trusted individuals, hackers can target employees with phony emails or social media messages that get them to disclose passwords or to download malware.
Anti-phishing defenses can include the use of advanced self-learning email filters that block, flag, or quarantine suspicious emails so that they don’t reach target employees. Another anti-phishing defense is to conduct simulated phishing tests to help employees get better at recognizing phishing attacks. Simulated phishing may be particularly helpful for social media phishing.
Secure IoT devices
There has been an explosion of IoT device usage in the mining industry in recent years, from using drones to survey extraction locations to deploying automated extraction and transportation equipment and tracking material movement. IoT devices are notoriously insecure, as are the networks that connect them back to the company’s core infrastructure. It is critical that mining organizations employing these new technologies work with security firms to understand, implement and monitor for security issues within the IoT deployment.
Leverage Artificial Intelligence
Artificial intelligence continues to evolve and play an increasingly important role in cybersecurity. AI can be used within several types of cybersecurity tools to detect and prevent ransomware. From email filters that leverage machine learning to intelligent user monitoring, AI can help to thwart ransomware before the dreaded encryption or data exfiltration events that cause the bulk of the damage from these attacks.
Closing Thoughts
If there is one overarching message from this article, it’s that mining companies need to treat ransomware as a high-risk incident that they are exposed to at all times. They must understand their risk exposure and make the necessary investments in tools and personnel to keep themselves safe from attack. The adverse effects of a ransomware attack can be incredibly painful for both the company and its downstream customers, so it’s best to put in place the right mindset, tools, and processes to prevent ransomware before it can cause damage.
Article: https://ironscales.com/blog/ransomware-in-mining/