Zero Trust to Prevent MFA Attacks in the Industrial Sector - Industry Today - Leader in Manufacturing & Industry News
 

August 27, 2024

Zero Trust to Prevent MFA Attacks in the Industrial Sector

MFA bypass attacks are a major threat for manufacturers. Zero Trust is crucial for protecting OT and IT systems against these attacks.

By Tony Baker, Chief Product Safety and Security Officer at Rockwell Automation

Cyberattacks targeting manufacturing operations have surged by 107% since 2021, with malicious actors using increasingly sophisticated tactics to circumvent multi-factor authentication (MFA). The alarming rise in cyberattacks underscores the critical need for manufacturers to swiftly adopt Zero Trust architecture, safeguarding both Information Technology (IT) and Operational Technology (OT) systems against MFA bypass attack and other cyber threats.

Despite widespread acknowledgment of the benefits of Zero Trust architecture, a concerning statistic reveals that only 49% of critical infrastructure organizations surveyed have implemented segmentation or micro-segmentation to protect vital systems. Segmentation of technology systems is a core component of Zero Trust and is mandated by many government policies. Furthermore, across the manufacturing and machinery sector, only 37% of companies have real-time threat detection in place; the remaining 63% have none.


New Attack Vectors, New Vulnerabilities

Critical infrastructure faces a significant cybersecurity challenge with the growing convergence of IT and OT systems. This convergence opens new attack vectors for cybercriminals, creating vulnerabilities and widening the attack surface. Industrial organizations grapple with OT and IT cybersecurity gaps, and the looming threat of global adversaries compounds the challenge.

Despite the Cybersecurity and Infrastructure Security Agency’s (CISA) top recommendation of using MFA, cybercriminals increasingly employ bypass attacks to overcome it. Well-funded actors, including ransomware gangs and nation-state hackers, target critical infrastructure organizations.

As cyberattacks escalate and vulnerabilities persist without mitigation, the risk of a large-scale disaster for the industrial sector becomes more tangible. Organizations can no longer afford to remain unprepared on the sidelines; proactive measures are imperative.

MFA Attacks Pose Great Risk for Manufacturers

MFA bypass attacks significantly impact the industrial sector, causing disruptions, financial losses, and threats to critical systems such as industrial control systems (ICS) and production lines. These attacks can lead to process manipulation, equipment sabotage, and facility damage, posing risks of data breaches and compromising intellectual property. Tampering with critical infrastructure may result in severe environmental consequences and increased safety risks for workers.

Financially, cyberattack disruptions lead to substantial production downtime, affecting revenue and profitability. Investigating and recovering from these attacks incur expenses, including incident response, system restoration, and potential legal costs. Successful cyberattacks can harm industrial companies’ reputation, causing customer loss and decreased market value.

The pervasiveness of MFA attacks in the industry is fueled by various factors. Cybercriminals constantly develop new tools, exploiting vulnerabilities in MFA and user behavior through phishing kits, man-in-the-middle attacks, and social engineering tactics. MFA fatigue attacks overwhelm users with repeated prompts, making them more likely to approve unauthorized access just to stop the annoyance. Weaker MFA methods, such as SMS codes or push notifications, are targeted because they are easier to bypass.

Human factors also contribute, as weak passwords may allow access despite MFA, and cybercriminals may trick users through phishing emails, fake websites, and scams, potentially bypassing MFA. Lack of security awareness among users increases susceptibility to attacks.

On a technical level, poor network security or system vulnerabilities serve as access points for attackers. Some MFA implementations have inherent weaknesses, including vulnerabilities in authentication protocols or software, or misconfigurations. While MFA improves security over password-only authentication, it is not foolproof, necessitating continuous vigilance and improvement to counter evolving cybercriminal tactics.

Zero Trust, Many Benefits

Zero Trust is crucial for mitigating MFA and other cyberattacks, significantly reducing risk for OT and ICS. It minimizes the attack surface by segmenting the OT network into isolated zones, restricting lateral movement for attackers even if they bypass MFA. Zero Trust continuously verifies and authorizes every access request, making it harder for attackers to exploit compromised credentials.

Enforcing the principle of least privilege, Zero Trust grants minimal access, limiting potential damage and restricting an attacker’s reach to sensitive data. Beyond MFA, Zero Trust integrates various security controls, including micro-segmentation, network monitoring, endpoint protection, and vulnerability management, creating multiple hurdles for attackers.

Zero Trust’s continuous monitoring enables early detection of suspicious behavior, facilitating faster incident response and containment, minimizing the impact of cyberattacks.

Five Steps to Zero Trust

CISA’s executive order (EO) 14028 encourages IT/OT leaders in the industrial sector to take a stepped approach to enforcing Zero Trust standards within their organizations and bolstering OT cybersecurity to thwart MFA attacks. These steps include:

  1. Introducing the Concept of Protect Surfaces: In contrast to conventional security methodologies that often concentrate on the expansive and ever-evolving attack surface, a more intelligent strategy has emerged: the concept of protect surfaces. Defining protect surfaces involves purposefully safeguarding critical elements such as data, physical equipment, networks, and essential assets. This targeted approach aims to address specific security needs, presenting a more manageable challenge compared to the broader attack surface. By identifying vital assets, including sensitive data and operational technology, organizations can establish a prioritized list for effective security and access management.
  2. Mapping Transaction Flows for Prioritized Protect Surfaces: The next step involves analyzing user access, inter-system interactions, and optimal security conditions, such as multi-factor authentication (MFA), time/location checks, and expected tasks. This meticulous analysis lays the groundwork for constructing a Zero Trust environment, one protect surface at a time. This approach enhances cyber resilience and minimizes risk. For instance, a user’s access to terminal services might necessitate multi-factor authentication, specific time and location criteria, and adherence to predefined tasks. Once protect surfaces, priorities, and transaction flows are clearly defined, the process moves forward to architecting a Zero Trust environment, starting with the highest priority protect surface.
  3. Architecting a Zero Trust Environment: Zero Trust is not a standalone product but rather a harmonious combination of tools, with multi-factor authentication (MFA), identity and access management (IAM), encryption, and tokenization serving as instrumental components. The key orchestrator in this symphony is smart segmentation and dynamic firewall policies. Envision policies adapting based on factors such as who is requesting access, what resources are being accessed, where the request originates, and when the request occurs. This nuanced approach gradually constructs a secure perimeter around critical assets, fortifying cyber defenses step by step.
  4. Creating a Zero Trust Policy: The establishment of a comprehensive Zero Trust policy is imperative, governing activities such as access controls and firewall rules. This policy should extend beyond intranet postings, incorporating educational programs to instill strong security practices throughout the organization. Regular cyber awareness training plays a pivotal role in reducing risks.
  5. Monitoring and Maintaining the Network: Ongoing monitoring and maintenance are crucial for verifying the functionality of the Zero Trust environment and associated policies. Continuous assessment helps identify any gaps or areas requiring improvement, allowing for prompt course corrections. Organizations can enhance their security posture by engaging a trusted Managed Security Services Provider (MSSP) with specialized expertise in operational technology (OT) cybersecurity, particularly for deploying and maintaining global-scale security measures.
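To make the who/what/where/when policy of steps 2 and 3 concrete, here is an added example (not the article's or Rockwell's code) of a default-deny policy decision point: each protect surface has explicit transaction flows that state the permitted source zone, whether MFA is required, and a time window, and any request that matches no flow is denied. The roles, zones and resource names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Flow:  # one permitted transaction flow for a protect surface (step 2)
    role: str
    resource: str
    zones: frozenset          # where: network zones the request may come from
    require_mfa: bool = True  # who: identity must be MFA-verified
    hours: tuple = (0, 24)    # when: permitted window, UTC hours [start, end)

@dataclass(frozen=True)
class Request:  # an access request as seen by the policy decision point
    user: str
    role: str
    resource: str
    zone: str
    mfa_verified: bool
    when: datetime

# Constructed policy for two hypothetical protect surfaces (assumed names).
POLICY = (
    Flow("engineer", "terminal-services", frozenset({"eng-workstations"}), True, (6, 18)),
    Flow("historian-svc", "historian-db", frozenset({"dmz-historian"}), False),
)

def decide(req, policy=POLICY):
    """Return (verdict, reason). Anything not explicitly permitted is denied."""
    for flow in policy:
        if (flow.role, flow.resource) != (req.role, req.resource):
            continue
        if req.zone not in flow.zones:
            return "deny", f"zone '{req.zone}' may not reach {flow.resource}"
        if flow.require_mfa and not req.mfa_verified:
            return "deny", "MFA not verified for this flow"
        start, end = flow.hours
        if not start <= req.when.astimezone(timezone.utc).hour < end:
            return "deny", f"outside permitted window {start:02d}-{end:02d} UTC"
        return "allow", "matched transaction flow"
    return "deny", "no transaction flow defined for this role and resource"

if __name__ == "__main__":
    t = lambda h: datetime(2024, 8, 27, h, tzinfo=timezone.utc)
    for req in (  # constructed sample requests
        Request("alice", "engineer", "terminal-services", "eng-workstations", True, t(9)),
        Request("alice", "engineer", "terminal-services", "eng-workstations", False, t(9)),
        Request("alice", "engineer", "terminal-services", "plant-floor", True, t(9)),
        Request("bob", "vendor", "historian-db", "dmz-historian", True, t(9)),
    ):
        print(req.user, *decide(req))
```

The third and fourth sample requests show the segmentation effect the article describes: a valid, MFA-verified identity is still refused when it arrives from a zone that has no defined flow to the resource, so stolen or bypassed credentials alone do not grant lateral movement.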

Deloitte’s 2023 CFO Insights report highlighted that organizations with mature Zero Trust models experienced $1.51 million lower breach costs compared to those in the early stages of implementation. This suggests that Zero Trust effectively limits the spread of attacks within networks, minimizing the impact and facilitating faster containment. Although not a cure-all, Zero Trust signifies a substantial change in security posture that can greatly enhance the security of OT and ICS environments. Through the implementation of layered security controls, reduction of attack surfaces, and continuous verification of access, Zero Trust significantly raises the difficulty for attackers to exploit vulnerabilities and jeopardize crucial industrial systems. Ultimately, this marks a triumph for manufacturers.

Tony Baker

Tony Baker is the Chief Product Safety & Security Officer at Rockwell Automation. He is responsible for leading the product safety and security strategy for the company. He focuses on building trust in the brand, ensuring the safety and security of the products, services, and solutions and for managing the associated risks. He joined Rockwell Automation in 2006 and brings over 15 years of experience in various roles including systems engineering, product management, and program leadership. For the past seven years, Tony has held key leadership roles focused on building our industrial cybersecurity portfolio and product security capability.
