Mining, Quarrying, and Oil & Gas Extraction + Utilities
NAICS 21+22

Please provide the information below to view the online Verizon Data Breach Investigations Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

  • Frequency

     

    2,337 incidents, 338 with confirmed data disclosure

    Top patterns

     

    System Intrusion, Basic Web Application Attacks, and Social Engineering represent 88% of breaches

    Threat actors

     

    External (96%), Internal (4%) (breaches)

    Actor motives

     

    Financial (88%), Espionage (11%), Grudge (1%), Secondary (1%) (breaches)

    Data compromised

     

    Personal (58%), Credentials (40%), Other (36%), Internal (14%) (breaches)

    Top IG1 protective controls

     

    Security Awareness and Skills Training (CSC 14), Access Control Management (CSC 6), Secure Configuration of Enterprise Assets and Software (CSC 4)

    What is the same?

     

    This industry continues to be targeted by financially motivated actors as well as actors committing espionage.

    Summary

     

    The Mining and Utilities industry faces similar types of attacks as other industries such as those targeting credentials and leveraging Ransomware, but in addition has a high rate of social engineering attacks like Phishing.

  • Patterns

     

    5-Year difference

     

    3-Year difference

    Basic Web Application Attacks

     

    No change

     

    No change

    Social Engineering

     

    No change

     

    No change

    System Intrusion

     

    No change

     

    No change

  • Pattern

     

    Difference with peers

     

     

    Social Engineering

     

    Greater

     

     

    System Intrusion

     

    Less

     

     

    Basic Web Application Attacks

     

    Less

     

     

  • Mining, Quarrying, and Oil & Gas Extraction + Utilities (or MQOGEU as we like to say) simply rolls off the tongue. It is an interesting “combined” industry that has had a high number of engineers. This is perhaps fitting as it seems to be under barrage from the other form of “engineers” –the Social Engineers. This industry has had a higher rate of Social Engineering breaches than their peers.

  • And it shows, as more than 60% of all breaches are Phishing (Figure d930713), followed by stolen credentials (potentially gathered by Phishing) and Ransomware (potentially tangential to Phishing). Given the key importance of this industry to our everyday well-being, we certainly hope that those credentials aren’t the only thing keeping our utilities and mining operations safe, especially since that’s one of the most commonly breached data types.

    Considering the high prevalence of Phishing and credential attacks, it’s not too surprising to have Email servers as this industry’s most commonly breached asset, followed by Web applications and Desktops. Even though the infrastructure that runs these complex systems isn’t traditional IT infrastructure, the company can still be exposed to the very same threats as any other organization.

Let's get started.