Factory honeypot traps malicious attackers

Issue 4 2020 Industrial (Industry)

Trend Micro Incorporated announced the results of a six-month honeypot imitating an industrial factory. The sophisticated operational technology (OT) honeypot attracted fraud and financially motivated exploits.

The six-month investigation revealed that unsecured industrial environments are primarily victims of common threats. The honeypot was compromised for cryptocurrency mining, targeted by two separate ransomware attacks, and used for consumer fraud.

“Too often, discussion of cyber threats to industrial control systems (ICS) has been confined to highly sophisticated, nation-state level attacks designed to sabotage key processes. While these do present a risk to Industry 4.0, our research proves that more commonplace threats are more likely,” said Greg Young, vice president of cybersecurity for Trend Micro. “Owners of smaller factories and industrial plants should therefore not assume that criminals will leave them alone. A lack of basic protections can open the door to a relatively straightforward ransomware or cryptojacking attack that could have serious consequences for the bottom line.”

To better understand the attacks targeting ICS environments, Trend Micro Research created a highly realistic, industrial prototyping company. The honeypot consisted of real ICS hardware and a mix of physical hosts and virtual machines to run the factory, which included several programmable logic controllers (PLCs), human machine interfaces (HMIs), separate robotic and engineering workstations and a file server.

“Africa still boasts highly active industrial businesses, from manufacturing, to mining and engineering. While many are ramping up their use of IoT systems, some are still grappling with upgrading their back-end infrastructure,” states Indi Siriniwasa, vice president, sub-Saharan Africa for Trend Micro. “By using a honeypot to detect unauthorised use of these industrial systems paired with continued diligence and using secure computing techniques, industries can increase their security posture to be able to deflect and defend against attacks to their OT environments.”

Trend Micro urges smart factory owners to minimise the number of ports they leave open and to tighten access control policies, among other cybersecurity best practices. In addition, implementing cybersecurity solutions designed for factories can help further mitigate the risk of attack.

To read more about the research, including the design and deployment of the honeypot itself, visit www.securitysa.com/*trend2, redirects to https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/fake-company-real-threats-logs-from-a-smart-factory-honeypot




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SA’s industrial challenge
Industrial (Industry)
The rapidly increasing uptake of artificial intelligence, machine learning and the Internet of Things in manufacturing, makes production facilities extremely vulnerable to malevolent actors.

Read more...
Securing smart devices in OT environments
Cyber Security Security Services & Risk Management Industrial (Industry)
The Industrial Internet of Things (IIoT) gives devices a link to the Internet so that users can interact with them in realtime, draw and analyse data for statistical or predictive analysis.

Read more...
Paying for experience, not assets
IT infrastructure Security Services & Risk Management Industrial (Industry)
Infrastructure as a Service (IaaS) has emerged as a feasible option that maintains crucial infrastructure such as IT, power consumption and business continuity while organisations focus on their core business.

Read more...
AI-powered hardhat detection
Hikvision South Africa Industrial (Industry) CCTV, Surveillance & Remote Monitoring
Hardhats save lives, but only if people wear them. Intelligent, AI-powered hardhat cameras are helping to ensure workers in dangerous locations stay safe at all times.

Read more...
Cybersecurity for operational technology: Part 3
Cyber Security Industrial (Industry)
According to a recent World Economic Report, the Covid-19 pandemic has increased our reliance on the global supply chain, while the Internet has accelerated the digitisation of business processes.

Read more...
Security for operational technology: Part 2
Editor's Choice Cyber Security Industrial (Industry)
The recent cyber-attack on Transnet is a wake-up call that South African companies are not immune from cyber threats. The incident impacted logistics on a national scale.

Read more...
How safe are our factories?
Industrial (Industry) Cyber Security
In this, the first part of a series on cybersecurity for operational technology, Bryan Baxter asks how safe our factories are from cyber threats.

Read more...
Securing industrial control systems
Industrial (Industry)
The increase in connectivity among OT devices and systems helps keep your critical industrial processes up to date and running smoothly, but it also risks exposing all your OT-related devices and facilities.

Read more...
Gijima and Cattron to deliver intelligent solutions
Gijima Specialised Solutions (GSS) Industrial (Industry) News Integrated Solutions
South African ICT provider, Gijima, has entered into a partnership agreement with Cattron, a provider of high-performance, intelligent control solutions, as part of Gijima’s quest to expand its horizons.

Read more...
Manufacturer adopts touchless biometrics and temperature screening
Asset Management, EAS, RFID Industrial (Industry)
Leading implantable plastics manufacturer adopts touchless biometrics and temperature screening via IXM TITAN with Enhancement Kit for workforce management and to safeguard employee health.

Read more...