Feature

Cyber threats in mining: the hidden cost of digitalisation

With automation, AI and cloud computing now central to operations, the industry faces unprecedented cybersecurity risks. Alex Feytis reports.

From ransomware attacks to AI-driven cyber threats, mining companies must balance innovation with resilience. Credit: janews / Shutterstock

As mining companies rush to the cloud, cyber threats are on the rise. Over the past decade, while digital transformation has improved efficiency, safety and sustainability at mine sites, it has also opened the floodgates to cyberattacks. With automation, digitalisation, AI and the Internet of Things (IoT) now embedded in mining operations, the industry is more exposed than ever, making cybersecurity not just a priority, but a necessity.

“We face daily attempts, as all companies do. Common attacks range from password spraying and brute forcing to social engineering and phishing/vishing campaigns,” Jeff Pick, director of cybersecurity architecture and operations at Freeport-McMoRan, a major US-based mining company, tells MINE Australia.

“As most organisations now recognise, the question isn’t if a cyber event will occur, it is when,” Pick adds, underlining that “in many cases, threat actors thrive on the complexity in architecture that has developed over time”. 

According to the new Annual Report 2024 from the Mining and Metals – Information Sharing and Analysis Centre (MM-ISAC), released in February, cyberattacks in the mining industry tripled between 2023 and 2024.

Sharp increase in cyberattacks in the mining sector

MM-ISAC, a Canada-based not-for-profit organisation dedicated to cybersecurity in the global mining and metals industry, reported a sharp increase in cyber incidents in just one year. In 2024, the number of reported attacks rose to 30, up from ten in 2023, highlighting the sector’s growing vulnerability. 

“And those are just the ones we know about,” says Rob Labbé, MM-ISAC’s CEO and chief information security officer in residence, in an interview with MINE Australia, emphasising that “there is a massive under-reporting in cyber incidents”. 

Labbé estimates that around 80% of cyberattacks in the mining industry are financially motivated, with criminals seeking ransom payments through extortion tactics. The risk isn’t necessarily stealing data: it is bringing down systems and disrupting operations. 

One of the most notable attacks in 2024 involved Alamos Gold, a Canada-based mining company, which fell victim to BlackBasta ransomware. BlackBasta, which emerged in 2022, is known for its double extortion tactics, encrypting victims’ data and threatening to leak it unless a ransom is paid. 

In June, the BianLian cybercriminal group claimed responsibility for an attack on Northern Minerals, an Australian rare earth exploration company. According to the MM-ISAC report, the incident came just hours after the Australian Government ordered China-affiliated investors to divest their shares in Northern Minerals, citing national interest concerns. BianLian, likely based in Russia, specialises in ransomware deployment and data extortion. 

July saw another major breach when South African mining company Sibanye-Stillwater experienced a cyber incident involving RansomHouse ransomware. The following month, Australian gold mining company Evolution Mining reported an attack on its IT systems. In September, Vancouver-based Hunter Dickinson was also targeted, with BianLian once again claiming responsibility.

In March 2023, Freeport-McMoRan reported a cyber incident with limited impact on production. Credit: Freeport-McMoRan

Cyber threats have been escalating in the mining industry for years. Back in March 2023, Rio Tinto suffered one of the most significant cyberattacks in the mining industry’s history. According to GlobalData, MINE Australia’s parent company, the breach resulted in sensitive employee information, including family details and payroll data, being leaked onto the dark web. 

Two months later, in May 2023, Fortescue Metals was attacked by a Russian ransomware group, further exposing the industry’s vulnerabilities. In December 2023, Anglo American had its email distribution channels compromised, leading to offensive messages and inappropriate graphics being sent to company newsletter subscribers. 

Freeport-McMoRan also reported a cyber incident on 11 August 2023. “There was limited impact on production,” Pick says, explaining that “a prominent threat actor deployed low-tech and common tactics, techniques and protocols” frequently used in cyber events over the past two years.

AI: threat and opportunity

The rapid digitalisation of the mining industry has led to an exponential increase in data handled by companies, making them prime targets for cyberattacks. According to GlobalData’s Cybersecurity in Mining report released in June 2024: “The number of cyberattacks is rising, and so is their complexity. Therefore, all segments of the mining value chain are vulnerable to attack.”

Rob Labbé, MM-ISAC’s CEO and chief information security officer. Credit: MM-ISAC

As mining operations rely more on AI, robotics, IoT and cloud computing, cybercriminals are leveraging the same technologies to launch more sophisticated and targeted attacks. The emergence of genAI tools such as OpenAI’s ChatGPT has further empowered attackers, allowing them to craft deceptive and highly personalised threats.

“AI is making life way easier for cybercriminals,” warns Labbé. 

While AI is driving efficiency and innovation in mining, it is also introducing new security vulnerabilities. Pick from Freeport-McMoRan cautions: “The use of AI is starting to yield real dividends. This brings with it potential risks, as the models in use become part of our proprietary information or trade secrets that contribute to our competitive advantage. Risks to manage include data poisoning or exfiltration to competitors.”

This paradox highlights the complex cybersecurity challenges in the mining sector, where AI acts as both a tool for innovation and a weapon for cybercriminals.

Another growing concern is AI-driven human error. As Labbé further explains: “We will see a lot more AI-driven attacks. We will see a lot more incidents that are enabled by AI to incite human error. So the AI doesn't do the attack, AI is used to convince a person to make a mistake.”

Cybersecurity versus innovation: a growing conflict

Beyond direct attacks, cyber threats have a broader impact on the mining sector: they hinder technological progress. Among the collateral damage of cyberattacks, one of the biggest challenges for major mining companies is that cybersecurity teams often block innovation, with nearly 40% of projects either delayed, cancelled or having their scope reduced because of cybersecurity concerns. Labbé highlights that while security is vital, current practices often conflict with the need for innovation.

“In this industry, if we don’t innovate, we die,” Labbé stresses, noting that mining companies are significantly underinvesting in cybersecurity compared with other sectors. He adds that rising cyber incidents have led to tighter controls, which are now hindering progress. 

“Mining companies are overly cost-focused,” Labbé underlines, calling for a better balance between security and innovation to drive the industry forwards.

Resilience is key to tackling cyber threats

One key takeaway from cyberattacks in the mining industry is the importance of resilience, according to Labbé. “The harsh reality is that if a determined attacker targets your company, they will succeed. The idea that we can prevent 100% of cyber incidents is outdated. What matters now is how prepared we are to minimise damage and recover quickly when an attack occurs,” he believes.

Freeport is a prime example. “Thanks to their resilience-focused approach, they did not lose a single pound of copper production. Contrast that with MGM Casinos, which was attacked by the same group using the same techniques but suffered significant operational disruption. The difference wasn’t in the size of the company or how much money they spent on cybersecurity, it was their focus on resilience planning. Same attacker, same techniques, very different outcome,” he adds. 

This underscores the need for mining companies to prioritise resilience strategies, ensuring that cyber incidents do not disrupt production or compromise operations. 

“My hope for 2025 is that recognition will improve and that will make a huge difference. What I think will happen in 2025 is we are going to see a bunch more incidents and set a new record – and hopefully we don't hurt anybody,” concludes Labbé.
