Vendor hopes six-month investigation can help shore up defenses against common attacks in industrial environments
Security vendor Trend Micro this week announced the results of a six-month project that lured attackers and financially motivated fraudsters to a sophisticated Operational Technology (OT) honeypot posing as an industrial factory.
The Lowdown: Over the course of the investigation, Trend Micro analysts saw the honeypot compromised by mostly common threats, including cryptocurrency mining and two separate ransomware attacks. The spurious system was also exploited by attackers perpetrating consumer fraud, investigators said.
The Details: To better understand attacks targeting industrial control system (ICS) environments, Trend Micro Research created a realistic industrial prototyping company. The honeypot consisted of real ICS hardware and a mix of physical hosts and virtual machines to run the factory, which included several programmable logic controllers (PLCs), human machine interfaces (HMIs), separate robotic and engineering workstations, and a file server.
The Impact: Based on the results of the investigation, Trend Micro suggests smart factory owners minimize the number of ports they leave open and tighten access control policies, among other cybersecurity best practices.
The Buzz: “Too often, discussion of cyberthreats to ICS has been confined to highly sophisticated, nation-state-level attacks designed to sabotage key processes. While these do present a risk to Industry 4.0, our research proves that more commonplace threats are more likely,” said Greg Young, vice president of cybersecurity at Trend Micro. “Owners of smaller factories and industrial plants should therefore not assume that criminals will leave them alone. A lack of basic protections can open the door to a relatively straightforward ransomware or cryptojacking attack that could have serious consequences for the bottom line.”