Factory honeypot traps malicious attackers

Issue 4 2020 Industrial (Industry)

Trend Micro Incorporated announced the results of a six-month honeypot imitating an industrial factory. The sophisticated operational technology (OT) honeypot attracted fraud and financially motivated exploits.

The six-month investigation revealed that unsecured industrial environments are primarily victims of common threats. The honeypot was compromised for cryptocurrency mining, targeted by two separate ransomware attacks, and used for consumer fraud.

“Too often, discussion of cyber threats to industrial control systems (ICS) has been confined to highly sophisticated, nation-state level attacks designed to sabotage key processes. While these do present a risk to Industry 4.0, our research proves that more commonplace threats are more likely,” said Greg Young, vice president of cybersecurity for Trend Micro. “Owners of smaller factories and industrial plants should therefore not assume that criminals will leave them alone. A lack of basic protections can open the door to a relatively straightforward ransomware or cryptojacking attack that could have serious consequences for the bottom line.”

To better understand the attacks targeting ICS environments, Trend Micro Research created a highly realistic, industrial prototyping company. The honeypot consisted of real ICS hardware and a mix of physical hosts and virtual machines to run the factory, which included several programmable logic controllers (PLCs), human machine interfaces (HMIs), separate robotic and engineering workstations and a file server.

“Africa still boasts highly active industrial businesses, from manufacturing, to mining and engineering. While many are ramping up their use of IoT systems, some are still grappling with upgrading their back-end infrastructure,” states Indi Siriniwasa, vice president, sub-Saharan Africa for Trend Micro. “By using a honeypot to detect unauthorised use of these industrial systems paired with continued diligence and using secure computing techniques, industries can increase their security posture to be able to deflect and defend against attacks to their OT environments.”

Trend Micro urges smart factory owners to minimise the number of ports they leave open and to tighten access control policies, among other cybersecurity best practices. In addition, implementing cybersecurity solutions designed for factories can help further mitigate the risk of attack.

To read more about the research, including the design and deployment of the honeypot itself, visit www.securitysa.com/*trend2, redirects to https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/fake-company-real-threats-logs-from-a-smart-factory-honeypot




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Industrial fire safety
Issue 4 2020, Technoswitch , Industrial (Industry)
Industrial settings are high-risk environments in general, but the risk of fire in these locations is always a top concern.

Read more...
Safely safeguarding chemical facilities
CCTV Handbook 2019 , CCTV, Surveillance & Remote Monitoring, Industrial (Industry)
Wisenet T series explosion-proof and stainless steel cameras customised for industrial facilities provide pre-emptive protection not only for facility assets but also for employees and the nearby community.

Read more...
Cyber risks drive convergence
September 2019 , Integrated Solutions, Industrial (Industry)
What makes industry sectors such as manufacturing, pharmaceuticals, oil and gas and transportation particularly vulnerable to cyberattacks it?s their reliance on operational technology.

Read more...
Rockwell Automation a founding member of ISA Global Cybersecurity Alliance
September 2019 , News, Industrial (Industry)
To better secure today’s complex and often vulnerable production operations, the ISA Global Cybersecurity Alliance recently announced Rockwell Automation as a founding member.

Read more...
Becoming more cyber-savvy within the OT environment
September 2019 , Cyber Security, Industrial (Industry)
Organisations running operational technology (OT) have increasingly come under cyberattack, with malware sending shockwaves through these sectors.

Read more...
Corporate SA not in love with 4IR
July 2019 , Industrial (Industry), Integrated Solutions
The technologies that make up the so-called fourth industrial revolution (4IR) have yet to be adopted with any enthusiasm by South African enterprises.

Read more...
Going safely into the brave new world of 4IR
July 2019 , Industrial (Industry), Cyber Security
Put cybersecurity at the heart of industrial digitisation on the journey to 4IR.

Read more...
Integrated risk management essential
August 2019, AVeS Cyber Security , IT infrastructure, Security Services & Risk Management, Industrial (Industry)
With manufacturing focused intensively on innovation, combined with a reliance on connected networks and products, it is highly vulnerable to cyberattacks.

Read more...
The 4th Industrial Revolution
July 2019, Wolfpack Information Risk , Editor's Choice, Cyber Security, Security Services & Risk Management, Industrial (Industry)
Most major industries have turned to and are reliant on technology to run their operations. This is a time of great promise, but also one of frightening peril.

Read more...
You can’t isolate, so integrate
July 2019, Axis Communications SA , Industrial (Industry), Integrated Solutions
One of the most exciting trends to emerge from the Industry 4.0 revolution is that technologies and hardware that were originally developed for the security market are increasingly being co-opted to enhance organisational productivity.

Read more...