MFA bypass attacks are a major threat for manufacturers. Zero Trust is crucial for protecting OT and IT systems against these attacks.
By Tony Baker, Chief Product Safety and Security Officer at Rockwell Automation
Cyberattacks targeting manufacturing operations have surged by 107% since 2021, with malicious actors using increasingly sophisticated tactics to circumvent multi-factor authentication (MFA). The alarming rise in cyberattacks underscores the critical need for manufacturers to swiftly adopt Zero Trust architecture, safeguarding both Information Technology (IT) and Operational Technology (OT) systems against MFA bypass attacks and other cyber threats.
Despite widespread acknowledgment of the benefits of Zero Trust architecture, a concerning statistic reveals that only 49% of critical infrastructure organizations surveyed have implemented segmentation or micro-segmentation to protect vital systems. Segmentation of technology systems is a core component of Zero Trust and is mandated by many government policies. Furthermore, across the manufacturing and machinery sector, only 37% of companies have real-time threat detection in place. 63% are doing nothing.
Critical infrastructure faces a significant cybersecurity challenge with the growing convergence of IT and OT systems. This convergence opens new attack vectors for cybercriminals, creating vulnerabilities and widening the attack surface. Industrial organizations grapple with OT and IT cybersecurity gaps, and the looming threat of global adversaries compounds the challenge.
Despite the Cybersecurity and Infrastructure Security Agency’s (CISA) top recommendation of using MFA, cybercriminals increasingly employ bypass attacks to overcome MFA. Well-funded actors, including ransomware gangs and nation-state hackers, target critical infrastructure organizations.
As cyberattacks escalate and vulnerabilities persist without mitigation, the risk of a large-scale disaster for the industrial sector becomes more tangible. Organizations can no longer afford to remain unprepared on the sidelines; proactive measures are imperative.
MFA bypass attacks significantly impact the industrial sector, causing disruptions, financial losses, and threats to critical systems such as industrial control systems (ICS) and production lines. These attacks can lead to process manipulation, equipment sabotage, and facility damage, posing risks of data breaches and compromising intellectual property. Tampering with critical infrastructure may result in severe environmental consequences and increased safety risks for workers.
Financially, cyberattack disruptions lead to substantial production downtime, affecting revenue and profitability. Investigating and recovering from these attacks incurs expenses, including incident response, system restoration, and potential legal costs. Successful cyberattacks can harm industrial companies’ reputation, causing customer loss and decreased market value.
The pervasiveness of MFA attacks in the industry is fueled by various factors. Cybercriminals constantly develop new tools, exploiting vulnerabilities in MFA and user behavior through phishing kits, man-in-the-middle attacks, and social engineering tactics. MFA fatigue attacks overwhelm users with repeated prompts, making them more likely to approve unauthorized access just to stop the annoyance. Weaker MFA methods, such as SMS codes or push notifications, are preferred targets because they are easier to bypass.
Human factors also contribute, as weak passwords may allow access despite MFA, and cybercriminals may trick users through phishing emails, fake websites, and scams, potentially bypassing MFA. Lack of security awareness among users increases susceptibility to attacks.
On a technical level, poor network security or system vulnerabilities serve as access points for attackers. Some MFA implementations have inherent weaknesses, including vulnerabilities in authentication protocols or software, or misconfigurations. While MFA improves security over password-only authentication, it is not foolproof, necessitating continuous vigilance and improvement to counter evolving cybercriminal tactics.
Zero Trust is crucial for mitigating MFA and other cyberattacks, significantly reducing risk for OT and ICS. It minimizes the attack surface by segmenting the OT network into isolated zones, restricting lateral movement for attackers even if they bypass MFA. Zero Trust continuously verifies and authorizes every access request, making it harder for attackers to exploit compromised credentials.
Enforcing the principle of least privilege, Zero Trust grants minimal access, limiting potential damage and restricting an attacker’s reach to sensitive data. Beyond MFA, Zero Trust integrates various security controls, including micro-segmentation, network monitoring, endpoint protection, and vulnerability management, creating multiple hurdles for attackers.
Zero Trust’s continuous monitoring enables early detection of suspicious behavior, facilitating faster incident response and containment, minimizing the impact of cyberattacks.
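The two ideas above, per-request authorization across segmented OT zones and early detection of the MFA fatigue pattern described earlier, sketched as an added Python example (this is not Rockwell code, and the zone names, the policy model and the log format are assumptions made for illustration):

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical zone model (not Rockwell's): each destination zone lists the
# source zones and roles allowed to reach it, so access is decided per request, not per network.
ZONE_POLICY = {
    "plc-cell-1": {"from": {"eng-workstation"}, "roles": {"controls-engineer"}},
    "historian": {"from": {"eng-workstation", "it-corp"}, "roles": {"controls-engineer", "analyst"}},
}

def authorize(req, policy=ZONE_POLICY):
    """Decide one access request; a valid MFA login alone never grants access."""
    dst = policy.get(req["dst_zone"])
    if dst is None:
        return False, "unknown destination zone"
    if req["src_zone"] not in dst["from"]:
        return False, "segmentation: source zone may not reach destination"
    if req["role"] not in dst["roles"]:
        return False, "least privilege: role not permitted in zone"
    if not req.get("mfa_verified") or req.get("device_posture") != "compliant":
        return False, "continuous verification: identity or device check failed"
    return True, "allowed"

# Constructed IdP log lines (format is invented): "<ISO time> user=<name> event=<push_sent|push_approved|push_denied>"
SAMPLE_LOG = """\
2024-03-01T02:00:05 user=jdoe event=push_sent
2024-03-01T02:00:40 user=jdoe event=push_denied
2024-03-01T02:01:10 user=jdoe event=push_sent
2024-03-01T02:02:15 user=jdoe event=push_sent
2024-03-01T02:03:30 user=jdoe event=push_sent
2024-03-01T02:03:55 user=jdoe event=push_approved
2024-03-01T09:15:00 user=asmith event=push_sent
2024-03-01T09:15:20 user=asmith event=push_approved"""

def push_fatigue(log, max_prompts=3, window=timedelta(minutes=5)):
    """Return users who approved a push after more than max_prompts prompts
    within `window`: the MFA fatigue pattern a defender should alert on."""
    events = defaultdict(list)
    for line in log.splitlines():
        ts, user, event = line.split()
        events[user.split("=", 1)[1]].append((datetime.fromisoformat(ts), event.split("=", 1)[1]))
    flagged = set()
    for user, evs in events.items():
        sent = [t for t, e in evs if e == "push_sent"]
        for t, e in evs:
            if e == "push_approved" and sum(t - window <= s <= t for s in sent) > max_prompts:
                flagged.add(user)
    return flagged
```

On the constructed log, only jdoe is flagged: four prompts in under five minutes followed by an approval, while asmith's single prompt and approval is normal.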
CISA’s executive order (EO) 14028 encourages IT/OT leaders in the industrial sector to take a stepped approach to enforcing Zero Trust standards within their organizations and bolstering OT cybersecurity to thwart MFA attacks. These steps include:
Deloitte’s 2023 CFO Insights report highlighted that organizations with mature Zero Trust models experienced $1.51 million lower breach costs compared to those in the early stages of implementation. This suggests that Zero Trust effectively limits the spread of attacks within networks, minimizing the impact and facilitating faster containment. Although not a cure-all, Zero Trust signifies a substantial change in security posture that can greatly enhance the security of OT and ICS environments. Through the implementation of layered security controls, reduction of attack surfaces, and continuous verification of access, Zero Trust significantly raises the difficulty for attackers to exploit vulnerabilities and jeopardize crucial industrial systems. Ultimately, this marks a triumph for manufacturers.
Tony Baker is the Chief Product Safety & Security Officer at Rockwell Automation. He is responsible for leading the product safety and security strategy for the company. He focuses on building trust in the brand, ensuring the safety and security of the products, services, and solutions and for managing the associated risks. He joined Rockwell Automation in 2006 and brings over 15 years of experience in various roles including systems engineering, product management, and program leadership. For the past seven years, Tony has held key leadership roles focused on building our industrial cybersecurity portfolio and product security capability.