Cyber Vigilance Update

Today’s Connection

Cyber Engage Update - 14/06/2023 V1 (#28) (#29)

Office Alert

Gold Digger’s Inspiration

Lessons from the Mining Industry

The mining industry gives other industries and smaller businesses an insight into potential future threats and strategies for protection.

In today’s interconnected world, the mining industry is facing an unprecedented challenge: the rising tide of cyber threats.

This gives other industries and smaller businesses an insight into potential future threats and strategies for protection.

As mining companies increasingly embrace technological advancements such as wide-scale automation and AI-driven processes to optimise their operations, they have also become more vulnerable to sophisticated cyber-attacks.

Cyber criminals have long identified mining and metals companies as lucrative targets, leading to a surge in cyber incidents within the industry. Notable cases, like the attacks on Norsk Hydro and BlueScope Steel, have highlighted the urgent need for mining organisations to actively address common weaknesses in their network architecture, legacy industrial technologies, access controls, security configurations, maintenance processes, remote staff, and third-party access. Failing to close these gaps in cyber defences can have severe consequences, ranging from environmental harm and production loss to revenue decline, regulatory fines, reputation damage, and even operational shutdown.

 

What can I do?

Consider the following initiatives that the mining industry has implemented, and optimise your approach to cyber security where appropriate.

To mitigate these risks and fortify their cyber security strategies, mining companies have adopted five key measurable strategies:

  1. Identifying and patching vulnerabilities: Proactively identifying and addressing vulnerabilities within the IT and operational technology infrastructure has proven a crucial step in strengthening cyber defences. Regular vulnerability assessments and penetration testing have helped identify weaknesses and potential entry points for cyber-attacks. Conducting thorough audits of the network architecture, legacy systems, access controls, security configurations, and maintenance processes has enabled mining companies to gain insights into the areas that require immediate attention.

  2. Controlling and managing system and network access: This is a fundamental practice in mitigating cyber threats. Mining organisations have adopted a selective access approach, granting privileged access only to individuals who genuinely require it to perform their roles effectively. This principle applies to both internal employees and third-party vendors or contractors who have access to critical systems and networks.

  3. Undertaking penetration testing: Engaging professionals to conduct penetration testing has been an essential step in assessing vulnerabilities and evaluating an organisation’s readiness to respond to cyber threats. Penetration testing involves simulating realistic cyber-attack scenarios to identify weaknesses in defences and determine the effectiveness of existing security measures.

    The results of these tests have informed the development of effective countermeasures and assisted in prioritising security investments based on risk exposure. Regularly scheduled penetration testing, complemented by continuous monitoring and threat intelligence, has ensured that mining companies stay one step ahead of evolving cyber threats.

  4. Enabling multifactor authentication (MFA): As remote work becomes increasingly prevalent in the mining industry, implementing multifactor authentication (MFA) has been crucial in enhancing security for remote workers accessing critical systems and networks. MFA adds an extra layer of protection by requiring users to provide multiple forms of authentication before gaining access. This typically includes a combination of something the user knows (such as a password), something the user possesses (such as a physical token or mobile device), or something the user is (such as biometric data).

    The additional layer of authentication acts as a strong deterrent against cyber criminals attempting to exploit remote access privileges. It is essential to educate employees on the importance of MFA and enforce its use across all remote access points to ensure consistent and effective security.

  5. Using reputable, enterprise-grade cyber security solutions to uncover threats: These advanced solutions, such as extended detection and response (XDR), have provided enhanced threat visibility and system monitoring capabilities. By implementing these robust cyber security tools, mining organisations have effectively detected and responded to incidents, conducted in-depth root cause analysis, and fortified their defences against evolving cyber threats.


By implementing these strategies and fostering a culture of cyber safety, mining organisations have enhanced their cyber defences, mitigated the risks posed by the escalating cyber threat landscape, and maintained the trust of stakeholders in an increasingly interconnected world.

Strengthening cyber security practices across the entire supply chain is also a critical step toward safeguarding sensitive data, protecting intellectual property, and ensuring the long-term success and sustainability of the mining industry in the face of evolving cyber threats.


Home Alert

Beware the Adware!

Android Apps that just Keep Giving

A recently rolled-out application anomaly detection feature in a mobile security suite has uncovered a global adware campaign operating at a vast scale. The campaign is aimed at spreading adware on Android devices, but it is believed that it could just as easily spread more dangerous malware, such as credential stealers capable of nabbing bank details. It’s been live since October 2022 at least and comprises over 60,000 unique applications, although there are likely many more yet to be discovered.

Of the affected devices, 55 per cent are reported to be in the US; South Korea, Brazil, France, Kazakhstan, Romania, and Italy are also affected, although at significantly lower rates. It is assessed that Australia has an affected rate of around 12 per cent.

The spread of the campaign is based on offering cracked or altered versions of apps not otherwise available on the official App Store. This includes cracked or unlocked games, Netflix, various fake videos and tutorials, and ad-free versions of apps such as TikTok and YouTube.

What makes this campaign particularly tricky is how it gets around Google’s recent removal of the ability to hide an app icon once a launcher is installed and registered. The app then progresses to make sure that the user thinks the app needs to be uninstalled by showing an error screen that reads: “Error – Application is unavailable in your region. Tap OK to uninstall”, along with an OK button.

But this process installs the app, and it now has an invisible icon and is at the very bottom of the device’s app list. All that shows on the app list is a slight icon shadow and a file size, which is easy to miss.

The installed adware then sleeps for two hours and then waits for the next time the device is unlocked or turned on. From that point, the adware pings away at a server every two hours, waiting for an ad to be deployed.
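A defender's view of the two-hour check-in described above, as an added example that is not part of the original newsletter: the Python code below scans network logs for device and host pairs contacted at a steady interval of about two hours. The log format, host names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy/DNS log: timestamp, device, destination host.
SAMPLE_LOG = """\
2023-06-10T08:00:05 phone-17 ads.example.invalid
2023-06-10T08:03:00 phone-17 mail.example.invalid
2023-06-10T08:00:00 tablet-03 cdn.example.invalid
2023-06-10T08:47:10 phone-17 mail.example.invalid
2023-06-10T09:00:00 tablet-03 cdn.example.invalid
2023-06-10T10:00:11 phone-17 ads.example.invalid
2023-06-10T11:15:42 phone-17 mail.example.invalid
2023-06-10T12:00:02 phone-17 ads.example.invalid
2023-06-10T12:00:00 tablet-03 cdn.example.invalid
2023-06-10T14:00:09 phone-17 ads.example.invalid
2023-06-10T14:00:00 tablet-03 cdn.example.invalid
2023-06-10T15:59:30 phone-17 mail.example.invalid
2023-06-10T16:00:04 phone-17 ads.example.invalid
this line is malformed and is skipped
"""

def find_beacons(log_text, period_s=7200, tolerance_s=300,
                 min_hits=4, max_jitter_s=120):
    """Return {(device, host): mean gap in seconds} for pairs whose
    contacts repeat at a steady interval close to period_s."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # not a "timestamp device host" record
        ts, device, host = parts
        try:
            seen[(device, host)].append(datetime.fromisoformat(ts))
        except ValueError:
            continue  # unparseable timestamp
    beacons = {}
    for key, times in seen.items():
        if len(times) < min_hits:
            continue  # too few contacts to call it a pattern
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # The average gap must be near the period AND the gaps must be
        # steady; irregular traffic can average two hours by chance.
        if abs(mean(gaps) - period_s) <= tolerance_s and pstdev(gaps) <= max_jitter_s:
            beacons[key] = mean(gaps)
    return beacons

if __name__ == "__main__":
    for (device, host), gap in find_beacons(SAMPLE_LOG).items():
        print(f"{device} -> {host}: every {gap / 3600:.2f} h")
```

A device that is switched off for long stretches will break the pattern, so a missing match does not clear a device.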

 

What can I do?

Users should remain aware of the risks of loading any app, even those available on recognised app stores.

  • If you notice anything strange in how the app is working, immediately delete it and report it at the earliest opportunity.
  • Even when removed, keep track of any suspicious activity going forward.

This week's Training module

MODULE 4

Cyber Threat Reporting (1/1)

Cyber Security Vigilance Program

Version 16-11-2022

Cyber Security Vigilance
