Explainer

The most common types of cyberattacks

Businesses have never been at more threat of cyberattacks, which can take many forms. Kris Cooper breaks down the most common types.

Credit: mayam_studio / Shutterstock

With cyberattacks having the potential to bring business to a standstill and the attack surface constantly growing, businesses must focus on building cybersecurity and resilience to navigate the evolving threat landscape.

In its annual review of cyberattacks released in January, threat intelligence researcher Check Point found that organisations around the world experienced an average of 1,158 weekly cyberattacks each during 2023 – a rise of 1% from 2022.

It was revealed in April, meanwhile, that half of businesses (50%) in the UK, 70% of medium-sized businesses (70%) and nearly three-quarters of large businesses (74%) had experienced some form of cyberattack in the last 12 months.

The real-world impacts that cyberattacks can cause were underscored recently when a cyberattack on pathology service provider Synnovis brought some hospitals in the UK to a standstill.

Categorising cyberattacks

Cyberattacks can be separated into targeted and non-targeted attacks. As the terms suggest, targeted attacks are aimed at a specific institution. Non-targeted attacks attempt to target as many devices or networks as possible to broaden the chances of success.

Motivations for cyberattacks can be financial, data-foccused or for extortion, among other things. ‘Hacktivists’ want to gain attention for their cause, while terrorists seek to disrupt or damage critical infrastructure assets or exact industrial espionage. Other threat actors can include nation-states and disgruntled employees or customers.

According to GlobalData’s latest report on cybersecurity, untargeted attacks usually take the form of phishing, malware, water-holing or zero-day exploits, whereas targeted attacks are usually spear-phishing attacks, distributed denial of service (DDoS) attack and supply chain attacks

Untargeted
Phishing: The practice of sending fraudulent messages to large numbers of people asking for sensitive information, such as bank details, or encouraging them to visit a fake website. Phishing continues to be popular due to its simplicity and effectiveness. It targets the weakest link in the security chain: the user. Phishers usually masquerade as trustworthy entities.

Malware: This term, short for malicious software, refers to any intrusive software developed by cybercriminals to steal data and damage or destroy computers and computer systems. Examples of common malware include viruses, worms, spyware, adware, and ransomware.

Water holing: Refers to setting up a fake website or compromising a legitimate one to exploit visiting users.

Zero-day exploits: Attacks targeting a security flaw previously unknown to the software vendor or security provider. Typically, an attacker will probe a system until they discover a vulnerability. If it has never been reported, it is a zero-day flaw because developers have had zero days to fix it. Taking advantage of the security flaw is a zero-day exploit, which often compromises the target system. Zero-day vulnerabilities can exist for years before they are discovered.

Targeted
Spear-phishing attack: Sending messages to targeted individuals with an attachment containing malicious software or a link that downloads malicious software.

DDoS attack: A coordinated attack in which multiple connected machines in a botnet, usually infected with malware or otherwise compromised to co-opt them into the attack, flood a network, server, or website with data, causing it to crash.

Supply chain attack: An attack in which threat actors compromise enterprise networks using connected applications or services owned or used by outside partners, such as suppliers. The outside provider has already gained the right to use and manipulate a company’s network, applications, or sensitive data, so the attacker only has to penetrate the third party’s defences or program a loophole into a solution offered by a vendor to infiltrate the system.

Industry insights

Speaking to Verdict, Dave Gerry, CEO of crowdsourced security platform Bugcrowd, says that the firm has seen the most successful hackers focus on authorisation-based attacks over the last year.

“Unlike authentication vulnerabilities, which can involve user impersonation or credential theft, authorization issues arise after a user is authenticated but can perform unauthorized actions,” he explains.

“These vulnerabilities are among the hardest to detect due to their complexity. Allowing hackers to report them and offering compensation is crucial for maintaining a mature security posture.”

Elsewhere, NetScout's principal threat analyst Filippo Vitale says that, starting in early 2022, adversaries pivoted towards application layer and direct-path attacks. He added that DDoS attacks “now primarily employ direct-path vectors as more providers implement anti-spoofing techniques such as source address validation”.

Ed Williams, vice president for consulting and professional services in EMEA at Trustwave notes that many cyberattacks can be broken down into phases, with the first phase being gaining an initial foothold.

Explaining that spear-fishing links, valid accounts and external remote services make up for approximately 90% of the initial foothold phase, he comments: “If organisations were able to fully eradicate and manage this phase, I believe we would see a reduction in the overall number of successful attacks. Though it should be stated that these are hard problems to fix across complex and ever-increasing environments.” 

Reflecting on the increasingly complex cybersecurity environment, Williams warned: “The annual 20-minute cyber awareness training is not enough anymore,” adding that more dedicated tools and training are required.

Cyber regulation

As the cyber threat landscape evolves, so too does the regulatory environment. A recent development is the NIS2 Directive, an EU-wide legislation aimed at boosting the overall level of cybersecurity. Adopted in 2023, EU member states have until October 2024 to put the measures into law.

The directive seeks to appropriately equip member states for cyberattacks, as well as facilitate cooperation in defending against attacks across the EU. Alongside this, the EU’s Cyber Resilience Act (CRA) has addressed potential entry points for cybercriminals in hardware and software, with a particular focus on securing IoT devices.

Speaking previously with Verdict, Ross Brewer, vice president and managing director for EMEA of threat detection and incident response company Graylog, highlighted that, while these regulatory frameworks are a step in the right direction, he fears that often compliance exercises are treated as checkbox exercises, reducing the effectiveness of the regulation.

Alongside NIS2 and the CRA, the European Commission is also expected to adopt draft regulations establish a European Cybersecurity certification scheme (ECCS). This scheme will evaluate the security properties of ICT-based products and services to inform users of the cybersecurity risk of certain products.  

Elsewhere, the UK and US have both tightened the rules on firms disclosing cyberattacks over the last couple of years.

The SEC consolidated a new rule in late 2023 that requires public companies to disclosure cybersecurity incidents within four business days. In the UK mandatory reporting obligations for service providers have been introduced, with the potential for managed service providers to be fined £17m for non-compliance.

09/18/2024 15:55:26

Theme impact

The impact of cybersecurity on the mining sector

Credit: Bert van Dijk/Getty images.

The number of cyberattacks is rising, and so is their complexity. Therefore, all segments of the mining value chain are vulnerable to attack. The matrix below details the areas of cybersecurity in which mining companies should focus their time and resources. Mining companies should invest in technologies shaded green, explore the prospect of investing in technologies shaded yellow, and ignore technologies shaded red.

How mining should invest in cybersecurity

With IoT devices rapidly increasing in popularity and deployment, attackers are shifting their attention to the vulnerabilities of digital integrated circuits (ICs). Therefore, mining companies should invest in chip-based security.

Regarding the software segment of the cybersecurity value chain, mining companies will need to use all cybersecurity software provisions, from identity management to vulnerability management, to defend servers and IoT devices collecting data. For example, at the prospecting and exploration stages, there is the risk of theft of important geological data, surveys, and mapping of economically valuable mineral deposits. Mining companies invest billions of dollars into identifying new mine sites, and data on mineral deposits can be sold to competitors.

Moreover, during the extraction and processing stage, threats involve unauthorized access to automated equipment, affecting production activity and worker safety. With the increasing reliance on mobile and remote access technologies, ensuring the security of endpoints such as laptops, tablets, and mobile phones is vital since geologists and engineers often work in remote locations and use mobile devices to collect and analyze data. Endpoint security solutions protect these devices from malware and unauthorized access.

Mining companies increasingly rely on cloud services for data storage, analytics, and collaboration. A breach could expose large-scale project data, including blueprints and timelines, leading to delays and financial losses. Therefore, mining companies should invest in robust cloud security measures.

Unauthorized access to networks could lead to operational disruptions. By investing in network security and deploying measures such as intrusion detection systems (IDS) and secure communication protocols, mining companies can safeguard their networks against cyber threats.

Threat detection and response (TDR) and unified threat management (UTM) are other priorities across all mining value chain segments. Where these applications are AI-based, they can be useful in preventing cyberattacks and monitoring all threats despite mining operations being spread worldwide.

Cybersecurity services are a high priority since they offer expert support for complex cybersecurity issues in an industry with a shortage of cybersecurity skills.

How does ESG impact cybersecurity?

ESG considerations drive the need for cybersecurity within the mining sector. By addressing cyber risks within the context of sustainability, social responsibility, and effective governance, companies can safeguard their operations, customers, and reputation while fulfilling their ESG responsibilities. By protecting themselves from cyber threats, mining companies align with ESG objectives.

The mining industry increasingly relies on digital technologies to improve efficiency and sustainability. Cyberattacks on critical infrastructure, such as power plants and water-processing facilities, pose environmental hazards. Again, disruptions to the decarbonization and CO2 reduction database or the monitoring system of energy production and consumption are an opportunity for cybercrime.

Cybersecurity is integral to trustworthy ESG reporting, protecting data from collection to analysis and reporting. It is worth mentioning, however, that implementing cybersecurity measures (i.e., having a backup data center) can lead to higher resource and energy consumption.

Mining companies are under growing pressure to demonstrate social responsibility by safeguarding the interests of employees, local communities, and stakeholders. Social harms - such as breaches targeting personal employee data and financial frauds like breaches in production scheduling and pricing information - pose significant threats. Privacy controls play a crucial role in limiting the manipulation of personal data.

Risk management, transparency, and accountability are part of the governance component of the ESG framework for the mining sector. Integrating cybersecurity into governance frameworks (e.g., appointing a CISO to the board) ensures that cybersecurity receives appropriate attention and resources.

How does safety impact cybersecurity?

Safety in mining operations involves protecting workers from harm, equipment problems, and environmental dangers. However, the increasing reliance on digital technologies and interconnected systems introduces cybersecurity risks that can compromise safety.

For instance, if hackers attack the control systems of mining equipment, it could cause malfunctions or accidents, putting workers at risk. Moreover, standby systems are critical for processes such as furnace cooling or mine ventilation, and a potential cyberattack represents a significant hazard.

Electronic control systems are a fundamental safety feature. Examples include remote control systems that manage haul trucks, fire detection and suppression systems, and tailing impoundments. If a control breach occurs, the malfunction of electronic monitoring and warning systems can compromise the safety of thousands of workers. Also, if sensitive safety or environmental monitoring data gets breached, it can affect compliance with regulations and create safety problems in the long run.

How does geopolitics and supply chain risk impact cybersecurity?

Mining companies face cybersecurity threats from various actors who may target them to weaken a country or industry. For instance, a cyberattack aimed at stealing pricing data could give competitors or foreign countries an advantage in future sales. Factors such as geopolitics, volatile market dynamics, and regulatory changes add further pressure to the sector, creating an environment where cyber threats proliferate.

The mineral supply chain is vulnerable to political interference, with state-sponsored threats seeking to disrupt operations and steal valuable mining data, including exploration information, geological surveys, and financial data. The geopolitical landscape, shaped by events like the conflict in Ukraine, tensions in the Middle East, Red Sea attacks, and deteriorating Western relations with China, directly affects cyber threats.

State-sponsored attacks on critical infrastructure and supply chains are increasingly sophisticated and aggressive. Implementing preventive measures (i.e., encryptions, authentications, backup systems, training, etc.) and collaborating with cybersecurity vendors strengthens cyber resilience.

How does productivity impact cybersecurity?

More digitalization is needed to increase productivity in mining operations. However, the reliance on digital systems and devices brings more cybersecurity risks.

Automation plays a crucial role in building productive and resilient businesses, so the mining sector is looking at emerging technology to address labor shortages, cut costs, and ease the negative consequences of supply chain disruption. This includes technologies that replace human labor, such as robotics, or technologies that help workers collaborate remotely, such as digital twins, wearable tech, and virtual and augmented reality (VR and AR).

Additionally, IoT sensors, autonomous vehicles, and drones are becoming integral parts of industrial automation strategies within the sector. However, industrial automation brings challenges. Although beneficial for productivity, it increases the risk of cyberattacks, a worrying issue for mining companies.

With larger volumes of data being generated and processed, including sensitive information about production processes and equipment, safeguarding this data becomes crucial to prevent disruptions and ensure safety. Therefore, maintaining security measures is essential to protect mining operations.

How does the labor shortage impact cybersecurity?

The labor shortage in the mining sector is making it harder to protect companies from cyber threats. With fewer skilled workers available, there is less expertise to implement cybersecurity measures, leading to vulnerabilities. The workload on current staff increases, causing delays in spotting and addressing cyber threats.

Human error remains a leading cause of breaches, but building awareness, providing updated information to the staff, and enhancing password security can help prevent data leaks. Mining companies must prioritize cybersecurity investments to increase their cybersecurity expertise, resources, and responsiveness to threats. For instance, they should hire new talent with cybersecurity expertise and focus on upskilling existing employees.

How does resource development impact cybersecurity?

As mining operations look into more challenging environments and explore new frontiers like deep-sea and extra-terrestrial exploration, the increased reliance on digitalization and connectivity increases the potential for cyber threats. Moreover, exploring and developing new mines in remote or difficult-to-access locations requires complex supply chains involving various vendors, contractors, and partners. This complexity introduces vulnerabilities within the supply chain, increasing exposure to cyber risks.

G lobalDat a, the leading provider of industry intelligence, provided the underlying data, research, and analysis used to produce this article.

GlobalData’s Thematic Intelligence uses proprietary data, research, and analysis to provide a forward-looking perspective on the key themes that will shape the future of the world’s largest industries and the organisations within them.

09/18/2024 15:55:26

Case studies

How mining companies are tackling cybersecurity challenges

Credit: Bert van Dijk/Getty images.

Teck Resources defends against cyberattacks with Trellix

Teck Resources, a Canadian mining company, handles vast amounts of sensitive data, which needs robust cybersecurity. Despite having a cybersecurity defense system, it struggled with data overload, making threat identification difficult. The company needed faster, automated responses to cyber threats, as manual intervention was unsustainable given the urgency and complexity of modern cyberattacks.

Partnering with Trellix, a cybersecurity company specializing in endpoint, cloud, and application security, Teck adopted Trellix's extended detection and response (XDR) platform. This platform detect security incidents, blocks inbound email, network, and endpoint attacks, and automates investigation workflows.

Viostream helps South32 securely streamline internal board information

South32 is an Australian mining and metals company. Its board of directors and stakeholders are located across the globe and often need to communicate confidential commercial information. In addition, time zone differences necessitate a channel where it is easy to schedule real-time updates, and the mining company’s cybersecurity policy requires a secure Australian-hosted data storage solution.

To tackle this, South32 partnered with Viostream in 2023 to communicate sensitive board-level information. Viostream is a video-hosting platform for marketing, corporate communications, investor relations, and learning and development purposes.

Viostream allows South32 to make asynchronous video updates that meet the mining company’s cybersecurity standards, which is vital given the sensitivity of board-level communications. The mining company mainly shares project updates among board members by publishing videos on the Viostream channel, accessible via registration and features password protection.

“One of the main requirements South32 asked for was the multi-factor authentication feature,” Paul Vecchiato, Viostream’s CTO, told GlobalData. He added: “The company did really enjoy the fact that we are an Australian organization and that all our hardware and data is residing in Australia, as per government guidelines.”

Indeed, to comply with South32’s cybersecurity policy, Viostream hosts its videos, metadata, and user information in Australia in ISO-27001-certified facilities.

When asked about the level of disruption that cybersecurity can cause, Vecchiato said: “It can really destroy companies’ reputation. Our clients are mainly publicly listed companies that have more mature corporate communications and investor relations requirements; therefore, they are likely to take more advantage of video platforms and also ensure that their video communications are secure as well.

“Of course, when you experience a cyberattack, you are much more aware of the cybersecurity risks. Companies have been in general relaxed on this, but in the last 24 months in Australia we are seeing increased attacks, and we are seeing much more interest from our customers as well.”

Lundin Mining is more cyber resilient with Dragos

In 2023, Canadian base metals mining company Lundin Mining adopted Dragos’ operational technology (OT) cybersecurity platform and OT Watch to bolster its cyber resilience.

Dragos is an industrial cybersecurity solutions provider, and its OT cybersecurity technology helps Lundin Mining secure its industrial infrastructure. Among the main challenges Dragos faced were the mining company’s interconnected industrial control systems (ICS) and OT assets spanning multiple continents.

Lundin Mining adopted both Dragos OT Cybersecurity Platform and OT Watch. The former can find the root cause analysis of operational issues, conduct automated asset inventory, verify and prioritize vulnerabilities or supply chain risks, respond to regulatory audits, and hunt for threats based on threat intelligence. The latter incorporates ICS intrusion detection analysts and investigators dedicated to hunting for potential cyber threats.

GlobalData, the leading provider of industry intelligence, provided the underlying data, research, and analysis used to produce this article.

09/18/2024 15:55:26