TECHNOLOGY

TOMRA disconnects select services to mitigate cyber attack fallout

To counter the attack, the security team shut down services and disconnected sites proactively

 The services will remain offline until it is deemed appropriate to restart them. Photo: Black_Kira

The services will remain offline until it is deemed appropriate to restart them. Photo: Black_Kira

Identified by TOMRA's security operations early Sunday, the hackers had accessed some of TOMRA's technical infrastructure systems, permitting them to "traverse and access other sites."

To counter the attack, the security team shut down services and disconnected sites proactively. The services will remain offline until it is deemed appropriate to restart them.

"We have successfully started the process of establishing digital services for our Reverse Vending Machines (RVMs) on a new, independent, cloud-based platform," the TOMRA statement read. "We started contacting some customers today to get the first batch of RVMs in Europe back online."

While no new attacks have been found, the company acknowledged that the bad actors gained entry through compromised TOMRA user accounts. Subsequently, the security team identified several methods and tools used in the attack.

"The forensics team is starting to establish a picture of the cause and nature of the attack, but we continue to investigate to identify other potential points of entry and make sure we uncover the full nature of the attack," the company said.

Cyber risks and mining

As more technologies and services move online, the mining sector becomes increasingly vulnerable to cyber threats.

Earlier this month, Canadian precious metals miner Barrick Gold was included in a list of companies the Russian cybercriminal group Clop breached.

Clop is responsible for hundreds of ransomware attacks and boasts breaching 376 international companies and nearly 20 million individuals.

While Barrick has not confirmed or denied the allegations, there is undoubtedly a rise in corporate and private cyber attacks. Earlier this year, Canadian Copper Mountain Mining was the target of a cyberattack, forcing the miner to shut down operations temporarily.

In 2022, Aurubis -Europe's largest copper producer- was the target of cybercriminals. In an October statement, the copper miner alluded that the breach was "part of a larger attack on the metals and mining industry."

This was reinforced by a report from Ernst and Young, which noted that cybercriminals were threatening the industry.

"Cyber threats are evolving and escalating at an alarming rate for mining, metals, and other asset-intensive industries," it read. "Understanding the current cyber risk landscape and the threats new technologies bring is critical for planning reliable and resilient operations."

In a 2021 survey, EY found that 71% of mining participants saw an uptick in disruptive attacks, while 55% were concerned about their ability to manage a cyber threat.

"Understanding the cyber threat landscape is the vital foundational step," the report concluded. "Mining and metals companies need to have a clear plan that forms part of their digital road map and risk management plan."

 

 

A growing series of reports, each focused on a key discussion point for the mining sector, brought to you by the Mining Magazine Intelligence team.

A growing series of reports, each focused on a key discussion point for the mining sector, brought to you by the Mining Magazine Intelligence team.

editions

ESG Mining Company Index: Benchmarking the Future of Sustainable Mining

The ESG Mining Company Index report provides an in-depth evaluation of ESG performance of 61 of the world's largest mining companies. Using a robust framework, it assesses each company across 9 meticulously weighted indicators within 6 essential pillars.

editions

Mining Magazine Intelligence Exploration Report 2024 (feat. Opaxe data)

A comprehensive review of exploration trends and technologies, highlighting the best intercepts and discoveries and the latest initial resource estimates.

editions

Mining Magazine Intelligence Future Fleets Report 2024

The report paints a picture of the equipment landscape and includes detailed profiles of mines that are employing these fleets

editions

Mining Magazine Intelligence Digitalisation Report 2023

An in-depth review of operations that use digitalisation technology to drive improvements across all areas of mining production