Enabling Industry 4.0 Through DNS Security

Industry 4.0 is defined as the ongoing transformation of traditional manufacturing and industrial practices combined with the newest smart technology. The aim is to improve processes via leveraging increased automation, machine-to-machine communication and internet of things (IoT) deployments, ultimately reducing the need for human interaction within the overall manufacturing process. The widespread rollout of 5G is expected to speed up the full realization of Industry 4.0, as companies across the entire manufacturing supply chain look to take advantage of its increased download speeds and the new revenue streams it will enable.

As the increasingly complex devices in factories grow in number and become more sophisticated, manufacturers must be able to adapt the networks that connect them quickly, reconfiguring them at will to optimize their performance and protect valuable components and data from potentially catastrophic cyber-attacks. One such component is DNS as it is critical for connecting users to their apps and services. Leveraging a holistic DNS Security package that incorporates a variety of tools and solutions can therefore protect organizations as network density intensifies, and the number of attack surfaces for cyber criminals grows.

Attacks on DNS bring down critical apps and services

The interconnected IoT devices, through which critical production data is transmitted, present an attractive attack surface for cybercriminals. Attacks targeting the Domain Name System (DNS) or using it as a vector have become especially appealing amongst threat actors. According to the 2020 IDC Global DNS Threat Report, 75% of manufacturing companies experienced at least one DNS attack last year, and the average cost of each attack hovered around $825k. Manufacturing companies who were victims suffered an average of 10 attacks over the course of the year.

The seismic impact of these attacks is something Chinese electronics firm Xiongmai can attest to, after it was forced to initiate a product recall following a DDoS attack that targeted its webcams and digital recorders. The botnet attack created by Mirai malware allowed hackers to harness millions of devices to flood a target with so much traffic that it couldn’t cope.

DNS attacks can have a significant, holistic impact on the manufacturing sector, impacting production processes right the way through to supply chain management. Although the manufacturing sector recognizes the importance of securing DNS, with 82% of respondents acknowledging it, more still needs to be done to mitigate the risk. For example, if a large manufacturing company loses access to a supply chain management application, there is a possibility that it will affect the entire company – including its suppliers, and customers.

Furthermore, the implications of the attack can be multifaceted, as can the type of attack. The most common forms of DNS attack in the manufacturing sector include phishing (40% of companies surveyed experienced phishing attacks), malware (35%), and DDoS attacks (22%) – 71% of which were over 5Gbits/sec. These attacks led to both application downtime (for 60% of businesses) and cloud downtime (for 52%), severely impacting business continuity and having significant financial implications

If the product is the raw materials needed to develop critical infrastructures during a natural disaster, or a global pandemic, the reputational damage to the affected businesses could be profound and have long lasting repercussions. Moreover, of all industries surveyed, the manufacturing industry took the longest to mitigate attacks, at nearly seven hours. This not only impacts supply chain, but machinery uptime and physical plant safety, reducing efficiencies and potentially harming employees.

Mitigating the risk of DNS attacks

There are a number of security solutions that can be leveraged to decrease the likelihood of a DNS attack occurring, such as DNS Filtering. To detect advanced threats better, domain Filtering lists should be built based on internal traffic analysis, instead of relying just on external feeds. Startlingly, only 34% make use of internal DNS traffic for filtering. Automating security policies are also effective, yet 31% of manufacturing companies have adopted little or no automation for their network security policy management, while as little as 39% pass valuable information to security information event management (SIEM) tools.

When a DNS attack occurs, there are a variety of countermeasures that organizations can take. Of the manufacturing respondents in the Threat Report, 56% temporarily shut down specific affected processes and connections, and 54% disabled some or all of the affected applications.

Unfortunately, these types of countermeasures can have significant financial and business implications. 43% of respondents were likely to shut down a server or service in the event of an attack, potentially affecting the operations and profitability of an entire manufacturing facility.

Organizations in the industrial sector can take measures to prevent and mitigate against these types of attacks. They should accelerate threat investigation by including DNS security in a security-by-design framework and should implement purpose-built DNS security with effective auto-remediation capabilities. Incorporating these protocols should include adaptive countermeasures that can limit attack damage by reducing mitigation times.

Companies should also rely more on Zero-Trust strategies. Zero Trust helps prevent breaches by using strict access controls and assuming that anyone on the network is not to be trusted, requiring verification before granting access to resources. It is a strategy that can make better use of behavioral analytics to determine who is a likely threat and who is not. Currently, only 17% of manufacturing respondents in the DNS Threat Report use Zero Trust architecture. 23% have piloted it; 27% have not yet explored the option.

A purpose-built solution for DNS security to accelerate detection and remediation

EfficientIP has a portfolio of solutions to help increase network visibility, scalability and security for enterprises of all shapes and sizes. For manufacturing companies, our DNS Guardian enhances threat visibility by monitoring transactions at the core of the DNS server. This serves as an effective first line of defense, as almost all connections are initiated through a DNS request. Any unusual activity will be picked up early, mitigating the threat of attacks in advance of them developing into something more sinister. DNS Guardian also enables actionable data, consisting of security events rather than large volumes of DNS logs, to be passed onto SIEMs and SOCs for helping accelerate remediation and reducing costs.

Moreover, manufacturing IT security could be boosted via DNS Firewall, which makes use of DNS query filtering and dynamic threat intelligence feeds to help prevent connected devices from becoming infected with malware and to block their activity should an infection occur. This stops the malware from taking over networks and boosts overall enterprise resilience. A key component of our EfficientIP SOLIDserver appliances, the DNS Firewall module provides a purpose-built and complementary solution to traditional enterprise network security systems.

The success of the manufacturing sector has long been a barometer for the wider economy. With the prospect of a global recession around the corner, there has never been a greater need for companies across the entire manufacturing supply chain to stay resilient. This will be even more important as new technologies are developed and implemented as 5G is rolled out on a global scale.