How the Mexican mining industry should confront ever more sophisticated cyberattacks

Although mining companies' expertise in risk management has helped them mature quickly in combatting cybercrime, they must step up efforts against organized criminal groups deploying increasingly sophisticated attacks.

Experts discussed the topic at the “Cyber Resilience in Mining” panel at the Mexico Mining Forum held recently in Mexico City. They recalled that cyberattacks have grown at an alarming rate in various industries, and mining is an ideal target due to the very nature of the business.

In the 2024 Mining Risks and Opportunities Survey, carried out by consultancy EY, cybersecurity was the eighth biggest concern, re-emerging for the first time since 2020.

The increasing convergence of IT and operational technology (OT), digital transformation and remote working, as well as geopolitical tensions such as the war in Ukraine, have caused cyber incidents to skyrocket, according to EY.

The World Economic Forum has also highlighted cybersecurity as a short- and long-term risk that must be addressed now.

David Tintor, CEO of cybersecurity firm TBSEK, highlighted that attacks in the industry as a whole increased by 300% last year, mainly because mining is a business that generates billions of dollars and which cybercriminals target for monetization.

“Last year, cybercrime doubled drug-trafficking revenues… This year, several drug trafficking groups have even been identified as being involved with cybercriminal groups to diversify their business because they are taking over all their markets. That is the reason: the reason is that it generates money, and it generates a lot of money,” said Tintor.

Regarding the modus operandi, Tintor said that in the past cybercriminals mostly charged ransoms for stolen or encrypted information, but today the most common activity is to paralyze operations or businesses.

“What better way to paralyze a business than to know exactly that for every [second] that a silver mine mill is down, it loses US$5. And for every second that a gold mine mill is down, it loses US$400. When you can count exactly what you lose due to a shutdown, the attacker can turn that into monetization,” he said.

Alexandro Fernández, executive director of OT cybersecurity at Intelligent Networks, said that even governments are involved.

“Many times what we are seeing in Mexico, in South America, Latin America, in general in the world, is that… these are groups that are often sponsored by governments. There is a lot of talk about the Chinese, there is a lot of talk about the Russians, there is a lot of talk about North Korea, Iran, etc. They don’t say it openly, but they are groups that are looking for, of course, a benefit,” said Fernández.

He added that there are other organized crime groups that are offering ransomware services. “So, these groups are also, obviously, going to look at the mining sector and say: 'Hey, here they extract zinc, here they extract gold, here they extract silver.' So, of course, they see that there is money here.”

TBSEK's Tintor believes that the mining sector has matured much faster than sectors that face even more attacks, such as the financial sector, because security is part of its DNA.

However, he warned that the current challenge facing mining companies is that the OT is isolated from the network and therefore assumed to be protected from potential threats, but hyperconnection and hyperconvergence keep them connected still, making the risk imminent.

Fernández agreed with Tintor that cybercriminals see opportunities in outdated OT, and that as companies seek to connect their systems to the internet, they expose themselves to greater risk.

"One of the main aspects that must be carried out, let's say as step number one, and it is highly recommended, is to perform an assessment... that contemplates, of course, and is right now focused on the OT part, on operating technologies."

He added that during such an assessment "it is evaluated what technologies I have, what protocols they are managing, how the networks are, if they are interconnected, if for example I have a command and control center in a remote location, how are they connecting, or if I have a Schneider or a Rockwell or an ABB that are also having remote access to my equipment, my trucks, my drones, etc. How is all that being protected?”