
Global supply chains threatened by DNS attacks


Local, regional, and global value chains are experiencing profound changes in light of Covid-19. The emergence of the global pandemic has created unprecedented consequences for manufacturers and supply chains, including a decline in demand for non-essential goods, demand surges for essential goods, shifting consumer preferences, as well as temporary shut-downs. While an investment in IoT has helped some corporations weather the crisis, it has also exposed them to higher risk of cyberattacks.

The benefits of Industry 4.0

IoT-based services and applications have created a surge in the digitization of production and manufacturing. This trend is largely referred to as Industry 4.0; it is the ongoing transformation of traditional manufacturing and industrial practices combined with the newest smart technology, with the aim of improving processes and ultimately reducing the need for human interaction at each stage of production. It does this by leveraging increased automation, machine-to-machine communication and internet of things (IoT) deployments.

For example, as devices are added to company networks, they can allow for things like predictive maintenance: the recording, transmission and exchange of data amongst devices around the clock allows for early detection of issues with manufacturing components. Thanks to connected IoT devices and applications, companies can utilize production and customer data to predict defects before they occur, to manage and expand complex supply networks or even to tailor their production to individual customer needs.

While the advancements in manufacturing brought about by Industry 4.0 have enabled corporations to save costs while increasing output and meeting surging demand, this revolution does not come without challenges.

IoT has widened the attack surface for cybercriminals—and DNS is an attractive way in

The devices and data in manufacturing facilities and supply chains present an attractive attack surface for cybercriminals. Attacks targeting DNS or using it as a vector have become especially appealing amongst hackers. Cybercriminals aim to take advantage of vulnerabilities in the DNS, or Domain Name System, the system that translates website names into numeric addresses (IP addresses) that are easier for computers to manage. According to the 2020 Global DNS Threat Report, published by EfficientIP and IDC, nearly four in five companies experienced at least one DNS attack in the past year, and the average cost of each attack hovers around USD$1 million.

As the manufacturing industry has evolved and incorporated IoT, many companies in the manufacturing sector have also become increasingly vulnerable to DNS attacks. The Covid-19 pandemic has only exacerbated the vulnerability, making it all the more critical for business leaders to understand where their vulnerabilities lie. For example, if a large manufacturing company loses access to a supply chain management application, the ripple effects can spread to the entire company as well as its suppliers and customers. If the product is personal protective equipment or medication set to be distributed to hospitals, the repercussions could be profound.

DNS attacks profoundly impact manufacturing—and the sector is the slowest to mitigate attacks

According to the Threat Report, of all industries surveyed, the manufacturing industry took the longest to mitigate attacks, at nearly seven hours. This impacts not only the supply chain but also machinery uptime and physical plant safety. Indeed, the effect of DNS attacks on manufacturing and supply chains can be devastating.

Some of the more common attack types in the manufacturing sector include phishing (40 percent of companies surveyed experienced phishing attacks), DNS-based malware (35 percent), DDoS attacks (23 percent) and DNS amplification attacks (22 percent).

When an attack occurs, there are a variety of countermeasures that organizations can take. Of the manufacturing respondents in the Threat Report, a majority relied on applying a patch to fix the security hole exploited by the attacker(s) (68 percent), shutting down specific affected processes and connections (56 percent), or disabling some or all of the affected applications (54 percent).

Unfortunately, these types of countermeasures can have significant financial and business implications. 43 percent of respondents were likely to shut down a server or service in the event of an attack, potentially affecting the operations of an entire manufacturing facility. 60 percent of manufacturing organizations suffered app downtime as a result of a DNS attack and 52 percent suffered cloud service downtime, something that could significantly affect access to data, supply chain logistics and more. Any disruption in these areas could lead to significant reputational damage for enterprises, a risk that grows only higher as more and more enterprises move their apps and services into the cloud.

Using DNS more effectively will improve threat detection and data security

Given these statistics, it is clear why over 80 percent of manufacturing respondents rated DNS security as extremely important or very important. DNS is also at the heart of data privacy and regulatory compliance—data exfiltration via DNS often goes unnoticed as the information is hidden in normal network traffic. This is why 37 percent of manufacturing companies that are looking to better protect data confidentiality rank monitoring and analysis of DNS traffic as their top priority, ahead of adding more firewalls or securing endpoints.

Indeed, businesses should rely on DNS more frequently for threat detection. DNS sees almost all IP traffic, so analyzing DNS transactions in near real time offers vital threat intelligence for detecting suspicious clients and malicious domains. The valuable actionable information provided by DNS traffic analysis can be shared with the Security Operations Centre (SOC) to make detection of threats much easier. Businesses should therefore enhance threat investigation by including DNS security in a security-by-design framework, implementing a purpose-built DNS security solution with effective auto-remediation capabilities. This needs to incorporate adaptive countermeasures that can limit attack damage, which will ensure continuity of business and services.
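The DNS traffic analysis described above, sketched as an added example (not code from the article or from EfficientIP): it scans a query log for clients that send many long, high-entropy subdomains to one domain, the pattern typical of data hidden in DNS queries. The log format, the sample lines, the function names and the thresholds are assumptions chosen for illustration.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def build_sample_log():
    """Constructed log lines 'timestamp client qname qtype'; not real traffic."""
    lines = ["2020-06-01T10:00:00 10.0.5.21 www.example.com A",
             "2020-06-01T10:00:01 10.0.5.21 mail.example.com MX"]
    for i in range(8):
        # Benign look-alike: many distinct but short, low-entropy names.
        lines.append(f"2020-06-01T10:01:{i:02d} 10.0.5.21 img{i}.example.net A")
        # Tunnel-like: each query carries a 32-character base32 chunk.
        chunk = base64.b32encode(hashlib.sha256(bytes([i])).digest()[:20])
        lines.append(f"2020-06-01T10:02:{i:02d} 10.0.7.44 "
                     f"{chunk.decode().lower()}.example.org TXT")
    return "\n".join(lines)

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def split_name(qname):
    """Return (subdomain, base). Assumption: base is the last two labels;
    production code should use the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_candidates(log, min_unique=5, min_len=20, min_entropy=3.5):
    """Flag (client, base domain) pairs whose subdomains are numerous, long
    and high-entropy at the same time (thresholds are illustrative)."""
    seen = defaultdict(set)
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:          # skip malformed lines
            continue
        _, client, qname, _ = fields
        sub, base = split_name(qname)
        if sub:
            seen[(client, base)].add(sub)
    findings = []
    for (client, base), subs in sorted(seen.items()):
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(entropy(s.replace(".", "")) for s in subs) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_len and avg_ent >= min_entropy:
            findings.append({"client": client, "domain": base,
                             "unique_names": len(subs), "avg_len": round(avg_len, 1)})
    return findings

if __name__ == "__main__":
    for finding in find_tunnel_candidates(build_sample_log()):
        print(finding)
```

Requiring all three signals together keeps the client that queries many short `imgN` names out of the findings, which is the false positive a count-only rule would raise.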

Companies should also rely more on Zero-Trust strategies. In short, Zero Trust helps prevent data breaches by using strict access controls and assuming that anyone on the network is not to be trusted, requiring verification before granting access to resources. It is a strategy that can make better use of behavior analytics to determine who is a likely threat and who is not. Currently, only 17 percent of manufacturing respondents in the DNS Threat Report use Zero Trust architecture. 23 percent have piloted it; 27 percent have not yet explored the option.

As Covid-19 tests the strength of the manufacturing industry, digitization of manufacturing, and automation of processes to meet increased and shifting supply chain demands, the potential attack surfaces will only grow. The time has never been better to strengthen DNS security in the manufacturing sector.

Ronan David, VP of Strategy, EfficientIP