- What Happened:
o Sibanye-Stillwater, a global precious metals producer based in Johannesburg, South Africa, experienced a cyberattack on July 8, 2024.
o The cyberattack brought down the company’s main servers and disrupted the company’s IT systems globally, leading to server outages and system disruptions. The attack did not result in a ransom demand, and the perpetrators remain unidentified. It took the company a number of days to restore its systems after the attack.
- What was the Impact:
o While the main impact of the attack was on the company’s IT and automated systems, it also had marginal effects on its mining activities.
- What happened:
o Indonesia’s national data center was hit by a ransomware attack that was uncovered on June 10th. The attack was carried out with a variant of LockBit 3.0 ransomware called "Brain Cipher". As part of the attack, large volumes of data at the National Data Center were encrypted. The attackers demanded $8 million in ransom for the decryption key.
- What was the impact:
o The attack disrupted and, in some cases, brought down critical government services, including immigration and passport services, bringing ferries and airports to a halt. More than 200 additional services were impacted on the national and regional levels.
- What Happened:
o On July 22, 2024, Split St. Jerome Airport in Croatia experienced a significant cyberattack by the "Akira" hacker group, resulting in IT system malfunctions.
o The attack caused major delays and disruptions, particularly affecting flights to several destinations. The hackers demanded negotiations for payment to unlock the data, but the Croatian government refused to negotiate with the criminals.
- What was the impact:
o The attack caused: (1) delays to over 150 major flights, with 4 cancelled; (2) a major slowdown in operations, with passenger data having to be processed manually; and (3) the airport’s website becoming inaccessible.
4. Insights on reducing risks from such events
o The need for data backups and recovery plans: Regularly backing up data and having comprehensive recovery plans ensure that operations can quickly resume after a cyberattack. These measures minimize data loss and downtime.
o Plans for shifting to manual processes: Developing and maintaining manual processing capabilities can mitigate the impact of IT system failures. This readiness allows critical operations to continue, reducing the overall disruption caused by cyber incidents.
o Compartmentalization of IT networks: Segregating IT networks into isolated segments limits the spread of malware and restricts unauthorized access. This approach enhances security by containing breaches and protecting sensitive data from widespread compromise.
Further reading and sources:
A. Review of Cyber-attacks:
a. Cyber attack on the Sibanye-Stillwater mining company:
https://www.mining.com/sibanye-stillwater-confirms-cyberattack-but-mining-business-unaffected/
https://www.benjamindada.com/stillwater-suffers-cyberattack/
b. Ransomware attack on Indonesia’s national data center:
https://www.cpomagazine.com/cyber-security/indonesian-national-data-center-hit-by-cyber-attack-disrupting-government-services/
https://govinsider.asia/intl-en/article/cyberattack-on-indonesias-national-data-centre-paralyses-government-services
c. Cyber attack on Croatian airport:
https://n1info.hr/english/news/split-airports-it-system-came-under-hacker-attack/