Some cyber attack targets are more alluring to hackers than others for obvious reasons.
Take the example of health care, which was hammered in 2015. The Washington Post dubbed it “the year of the health care hack.” In 2016, hospitals bore the brunt of the new annual epithet, “the year of cyber extortion.” In both cases, the motives for heavily targeting health care are fairly self-evident. Hackers want personally identifiable information (names, addresses, Social Security numbers, etc.) that they can sell to identity thieves, and where better to get this than from a health care institution? Likewise, hospitals are a sensible – albeit grossly opportunistic – choice for ransomware. Hackers know that lives may be at stake if a medical institution is unable to access critical patient data.
Then you have banks. Bandits have been robbing these establishments for years for the glaringly obvious objective summed up by infamous bank robber Willie Sutton: “Because that’s where the money is.” It’s not surprising, then, that hackers are playing the role of robbers, hence the Bangladesh Bank heist earlier this year that cost $81 million, which was followed up by a similar attack shortly thereafter.
To an extent, even hacking the electric grid makes some sense. It was certainly shocking when a hacking group succeeded in knocking power offline for approximately 100,000 customers. However, this attack occurred months after industry experts began publishing research about the dangers of a power grid breach, and why cyber attackers might target that vector.
But mining? Why would hackers go after an industry that is principally concerned with extracting raw materials from the earth? More importantly, why is it that so few people are aware that this has been an issue?
In a recent white paper published by Trend Micro, author Numaan Huq delved into one of the more under-reported cyber crime arenas: the mining industry.
“Early in our explorations within this sector we discovered that the risks and opportunities for exploitation are very large, yet there seems to be extreme reluctance in talking about it,” Huq wrote. “What we are dealing with here are very targeted and coordinated cyber attacks launched by a broad set of attacker groups ranging from hacktivists to hostile governments and organized criminals…”
Huq gave several examples in the paper of cyber attacks that were orchestrated against the mining industry. In 2010, Rio Tinto Group, BHP Billiton Ltd., and Fortescue Metal Group fell prey to cyber criminals that are believed to have originated in Asia. The hypothesized end goal of the attacks was “commercial espionage.” A year later, the Australian Federal Parliament was breached. Hackers broke into officials’ email accounts in order to obtain conversations between ministers and executives of Australian mining companies that were present in China.
Let’s fast-forward a few years.
Early in 2016, shortly after the aforementioned breach of Ukrainian power plants, the same malware used to cause the blackout that affected 100,000 people (BlackEnergy) was involved in an attempted cyber attack on a Ukrainian mining company. While most of the world was aware of the impact BlackEnergy had on the power grid, coverage of the attempted mining breach was minimal.
In April 2016, a second mining-related breach occurred. This time, the target was Canadian gold-mining firm Goldcorp, and the hackers got what they were after: 14.8 gigabytes of personally identifiable data belonging to employees that was later leaked online.
Between the 2010 breach of Rio Tinto Group and the 2016 attempt in Ukraine, there were 11 other notable breaches and/or leaks involving the mining industry. Incidentally, one of them came to light as a result of the Edward Snowden incident in 2013, when it was discovered that internal conversations at Brazil’s Mines and Energy Ministry had been listened in on by the NSA.
Relative to many of the other breaches that occurred, all of these incidents somehow ended up sequestered from international consciousness.
Why go after mining companies?
Huq attributed the mining industry’s relevance to three key factors: the role the industry plays in the production and commoditization of certain resources in international markets; the importance of these natural resources in economic development; and “the need for countries to benefit from their own mineral deposits.”
As such, hackers seeking to infiltrate mining companies may be affiliated with nation-states and competing organizations. In this case, they’d be in pursuit of financial information such as pricing data, or intellectual property such as technical knowledge that can help them compete more effectively in domestic or global markets. Nation-states or hacktivists may also gun for mining companies in an effort to hurt a business that serves an important function in a country’s economy. Huq noted that due to the longevity of companies in this industry, there is a greater chance that the IT systems and communication protocols being used are older and more susceptible to being hacked.
Other motives for cyber attacks include hacktivism, since the industry is perceived as causing damage to the environment, as well as theft of PII and other data. Hackers will deploy many of the same techniques used to go after other verticals. These include phishing, malvertising, watering-hole tactics, man-in-the-middle attacks (which involve intercepting communication protocols) and malware that is pre-loaded on certain equipment, just to name a few.
Regardless of the attack vector and the tools being used for the malicious activity, mining companies are important assets to any country’s economy. They have a significant amount of important data that a competing national interest or company could use for economic gain. Not to mention, the enormity of a mining operation and the number of third-party vendors involved in its success make these companies a significant source of personal information that could be quickly bought and sold on the dark web.
This theft of trade secrets and other forms of espionage, as well as hacktivism and PII-related breaches, are serious issues, and they need to be addressed sooner rather than later.