Ransomware attack on mining operations “almost inevitable,” says cybersecurity expert

Stock image.

Last month, Weir, a major supplier to the mining industry, was the victim of a crippling cyberattack that forced it to isolate and shut down its core IT systems, including enterprise resource planning and engineering applications.

The resulting disruptions included engineering, manufacturing and shipment rephasing, which resulted in revenue deferrals and overhead under-recoveries. The operating profit impact of Q4 revenue slippage is expected to be between $13 to $27 million for 12 months.

Cyber security was a growing threat for miners long before the pandemic – it was listed among the top 10 business risks and opportunities facing mining and metals for the last two years,  according to a 2020 EY report.

“The world’s leading mining companies are now unanimous in reporting that cyber threats are a principal risk to them achieving their goals,” according to a Marsh report, Cyber Risk: Threats and Insurance Protection for the Mining Sector.

“The use of networked systems has progressively increased across all aspects of mining operations, from exploration and extraction, through processing and logistics, to sales and marketing – while a range of cyber-attacks on the sector and industry at large have stimulated concern,” the report reads. 

Before cyberattack became a buzzword, David Masson, director of enterprise security at AI cyber security company Darktrace, was working in security and intelligence environments in the UK and Canada across civilian, military and diplomatic circles, having held management positions at CSIS, a division of Public Safety Canada, the UK Ministry of Defence and Royal Auxiliary Air Force. 

“Ransomware has been around for a long time, but has become more prevalent since about 2015 – the reason is, it’s an easy attack to monetize,” Masson told MINING.COM. “What ransomware can effectively do is encrypt data so it can’t be read any more – it can take a whole system down, from front to back.”

David Masson. Submitted image.

“In the modern era we’re in – it is almost inevitable,” Masson said. “The threat actors will get inside your network. What is not inevitable is that damage will then take place – if you can deploy technology to stop the damage from taking place.” 

Masson said self-learning cyber AI technology looks for change in a computer network’s patterns, and what makes it easy to monetize is the lack of banking information needed in this age to transfer funds. 

It is, essentially, cryptocurrencies fueling the fire and the demand is to pay for the key to decrypt the files so they can be read again.

“It’s become easier and easier to carry out these attacks,” Masson said. “ It’s become more prevalent during the pandemic because of a surge in the threat landscape,” said Masson. 

“During the pandemic there have been more opportunities for threat actors to attack networks.”

The consequences of an attack on the mining industry aren’t just economic – they would be geopolitical, Masson said. “If a prevalent metals export country couldn’t mine the metals for a month – what would happen to the price?”

When a supply chain gets disrupted – the price of a commodity goes up, Masson pointed out, adding that attackers trying to ransomware mine operations know this. 

Masson says operational technology is easier to attack than information technology, and that a successful ransomware attack on a major could halt operations to the extent that it could hold a metals price hostage, or shut down a nation’s port operations.

“If mining was under severe attack… [it] would be a major issue for critical infrastructure,” Mason said. 

Darktrace software, he said, protects IT and OT using artificial intelligence – AI focuses on the business, rather than the breach, and understands the applications and the patterns used to communicate with your office. The AI sees a change in the patterns and will alert the network. 

“If you can see the attack in its early stages – you don’t actually get hacked. All these attacks have to start somewhere before they can proceed.  We can use artificial intelligence to prevent the attack,” Masson said. 

“The best solution to cyberattack is AI. You don’t have to deal with what happened – it deals with what is happening now [with] cyber solutions technology.”

“With a ransomware attack on OT– the drills stop, the conveyor belts stop. It shuts down ability,” Masson said. “You need to protect the physical, accountable processes that are involved in mining.” 

As for Weir, the company announced this week it is acquiring Motion Metrics, a developer of artificial intelligence and machine vision technology used in mines — in a $118 million deal.