Cybersecurity solutions provider Trend Micro revealed the results of its six-month operational technology (OT) honeypot, which was a look-alike of a real industrial factory. The aim of creating an OT honeypot was to discover potential threat actors that could carry out malicious cyberattacks, exploits, and consumer fraud.
Deployment of the Honeypot
The team at Trend Micro built a real-time environment that consisted of programmable logic controllers, a human-machine interface (HMI), and other components of an industrial control system (ICS). The faux company presented itself as a rapid prototyping consultancy firm, MeTech, with real human employees, working contact channels, and a client base of organizations from critical industries. The team also designed a professional-looking website using a free web template.
Trend Micro’s research paper, titled “Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats,” revealed that the MeTech honeypot went online in May 2019 through Virtual Network Computing (VNC) and used the same password for multiple workstations. It purposely leaked sensitive information to lure more attackers.
The live honeypot was compromised in attacks involving cryptocurrency mining, system shutdowns, and ransomware infections such as Crysis.
Talking about the rise in industrial cyberthreats, Trend Micro’s Vice President, Greg Young, said, “Too often, discussion of cyberthreats to industrial control systems (ICS) has been confined to highly sophisticated, nation-state level attacks designed to sabotage key processes. While these do present a risk to Industry 4.0, our research proves that more commonplace threats are more likely.”
Young further added, “Owners of smaller factories and industrial plants should therefore not assume that criminals will leave them alone. A lack of basic protections can open the door to a relatively straightforward ransomware or cryptojacking attack that could have serious consequences for the bottom line.”
Honeypots Across the Globe
In 2019, cybersecurity company Kaspersky planted more than 50 honeypots across the globe to trap cybercriminals. The experiment was conducted on 276,000 unique IP addresses from Internet of Things (IoT) devices. The company stated that the attacks were nine times greater than the number found in the first six months of 2018.