Cybersecurity
‘Intelligent mining’ digs up a new lode of threats
Attackers are targeting Industrial Control Systems across various industries to disrupt a variety of automated processes.
“Intelligent mining” operations have become the mother lode for cyber criminals as brute force attacks bring operations to a halt and hold mines to ransom.
That’s the view of Dr Pierre Jacobs, head of cybersecurity operations and compliance at CyberAntix, a partner of the Sizwe Africa IT Group.
He says that cyber security attacks have grown to levels that have legitimised this unscrupulous practice, enabling criminals to commit cybercrimes on principles much like those of legitimate businesses. Lone hackers have also not gone away – they may want to disrupt production for fun, to test how far they can go.
“South African mining companies are no exception,” he says. “The transition from traditional mining practices to intelligent mining is exposing the industry to a new frontier of cyber threats.”
Research by Fortinet found that 74% of online businesses have experienced significant IT breaches and, during the Covid-19 pandemic, this was exacerbated. The mining and manufacturing industries, in particular, saw a dramatic increase in intrusion activity, with an 11% increase in network attacks.
Attackers are targeting Industrial Control Systems (ICS) across various industries as these systems control a variety of automated processes, including measuring instruments, packaging machinery, and all the other components of an assembly line that make up any production process. By targeting these systems, attackers know they can adversely affect business operations.
ICS devices are generally lesser known than enterprise information technology (IT) devices such as laptops, desktops, and smartphones as they are typically unique to industries and utilised for specialised systems or operations. This is an area where we are seeing more organised and specialised cybercriminal activities.
The majority of the cyber-attacks against mining companies are attempts to steal intellectual property and other valuable information, such as geotechnical surveys and production plans to disrupt business operations and pose disruptions to supply chains.
Jacobs says that the threat to mines with any level of automation is via devices connected to the Internet of Things (IoT).
Across industries, the first attempt by criminals is usually via e-mail platforms. Desktops, laptops, smartphones and even the office printer, are all potential portals for cyberattacks.
“The reality is that geopolitical threats, the rising geopolitical risks and on-off tensions between other countries, including Western countries and China, also impact mining operations in South Africa. South African exporters are in competition with mines around the world. Any disruption to our supply chains would be to the advantage of competitors across the world.”
Several factors contribute to cyber security breaches, among them a lack of understanding of the Internet of Things and the Industrial Internet of Things (IIoT), weaknesses in the supply chain, poor security practices, both internal and by third-party contractors, identity theft, and inadequate incident response.
“Strategies to mitigate risk should seek to identify and understand the business models and motivation of the cyber criminals. Businesses also need to understand the risks and vulnerabilities of their industry and anticipate threats.
“People, processes and technologies all pose risks, and to address cyber security threats, it’s important to take a three-pronged approach to security – one that focuses on people, processes and technologies. The challenge is to secure the enterprise by locking all the information entrance gates to bridge any gaps in the system.
“Identify critical business systems and then identify risks against those systems. Secure protocols need to be in place wherever there is a connection to the Internet. Real time monitoring and investigation are vital.
“It is imperative to separate OT from IT systems. Businesses need to carefully review their internet access for all systems, with a focus on IT and OT networks.”