Researchers set up fake factory network and watched it attract all sorts of nasties

In an effort to study threats commonly faced by industrial organizations, researchers from Trend Micro built an elaborate honeypot that mimicked a factory. To make the ruse as realistic as possible, the industrial environment included ICS hardware (PLCs from Siemens, Allen-Bradley and Omron), physical hosts, and virtual machines. The team even created a fake company that claimed to be “a rapid prototyping consultancy firm” working for special customers.


To make the mock network more inviting to cybercriminals, the researchers intentionally left some vulnerabilities in place and made the system look as though it had already been hacked by posting “leaked” information about it.


The MeTech honeypot went live in May 2019, and over the following seven months the researchers observed multiple attempts to infiltrate the network. Unsurprisingly, the honeypot was initially targeted by scanners, prompting the researchers to block requests coming from known scanning services such as Shadow Server, Shodan, and ZoomEye.


Trend Micro also observed multiple attempts to use the honeypot’s resources for fraud, such as buying smartphones by upgrading mobile subscriber accounts and cashing out airline miles for gift cards.


In other cases, attackers installed cryptocurrency miners, and the team also observed two ransomware incidents, one involving Crysis ransomware and one involving Phobos ransomware. Soon after these two incidents occurred, the honeypot attracted a fake ransomware attack whose operator, as the Trend Micro researchers put it, "fumbled around our system trying to get a PowerShell command to work". The hacker behind this attack deployed a fake ransomware that simply renamed the files on the system without actually encrypting them.
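The rename-only "fake ransomware" described above is a useful edge case for anyone triaging a suspected ransomware event: the file names change, but the file contents do not. The following Python script is an added example (it is not Trend Micro's code and is not part of the original article) that classifies a batch of before/after file snapshots by comparing content hashes and measuring the byte entropy of the rewritten content. The file events, the `.locked` extension and the 7.0 bits/byte entropy threshold are constructed assumptions for illustration.

```python
"""Triage a batch of file change events: did contents really get encrypted,
or were files merely renamed (as with the fake ransomware seen on the honeypot)?

All sample data below is constructed for this example.
"""
import hashlib
import math
from collections import Counter

# Assumed threshold: well-mixed ciphertext approaches 8 bits/byte,
# ordinary text and documents sit far lower.
HIGH_ENTROPY_BITS = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the given buffer."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_event(event: dict) -> str:
    """Classify one before/after snapshot of a single file.

    event keys (assumed schema): path_before, path_after, content_before, content_after
    """
    renamed = event["path_before"] != event["path_after"]
    same_content = (hashlib.sha256(event["content_before"]).digest()
                    == hashlib.sha256(event["content_after"]).digest())
    if same_content:
        return "renamed_only" if renamed else "untouched"
    if shannon_entropy(event["content_after"]) >= HIGH_ENTROPY_BITS:
        return "rewritten_high_entropy"
    return "rewritten_other"


def triage(events: list, min_events: int = 3) -> tuple:
    """Summarise a batch of events and give a verdict on the dominant pattern.

    min_events is the (assumed) number of affected files needed before a
    pattern counts as mass impact rather than a single odd file.
    """
    summary = {"renamed_only": 0, "untouched": 0,
               "rewritten_high_entropy": 0, "rewritten_other": 0}
    for ev in events:
        summary[classify_event(ev)] += 1

    if summary["rewritten_high_entropy"] >= min_events:
        verdict = "likely encrypting ransomware"
    elif summary["renamed_only"] >= min_events:
        verdict = "rename-only (fake ransomware): contents intact"
    else:
        verdict = "no mass-impact pattern"
    return summary, verdict


def _pseudo_random(n: int) -> bytes:
    """Deterministic ciphertext-like bytes built from chained SHA-256 (constructed)."""
    out = b"".join(hashlib.sha256(bytes([i % 256])).digest() for i in range(n // 32 + 1))
    return out[:n]


# Constructed sample: five plaintext documents on a workstation.
PLAINTEXT = b"Quarterly prototyping report. Customer: MeTech client. " * 40
ORIGINAL_FILES = {f"C:/Users/ops/Documents/report{i}.docx": PLAINTEXT for i in range(5)}

# Scenario A: every file is renamed to .locked but the bytes are unchanged.
FAKE_RANSOMWARE_EVENTS = [
    {"path_before": p, "path_after": p + ".locked",
     "content_before": c, "content_after": c}
    for p, c in ORIGINAL_FILES.items()
]

# Scenario B: every file is renamed and its contents replaced with high-entropy data.
REAL_RANSOMWARE_EVENTS = [
    {"path_before": p, "path_after": p + ".locked",
     "content_before": c, "content_after": _pseudo_random(len(c))}
    for p, c in ORIGINAL_FILES.items()
]


if __name__ == "__main__":
    for label, events in (("fake", FAKE_RANSOMWARE_EVENTS), ("real", REAL_RANSOMWARE_EVENTS)):
        summary, verdict = triage(events)
        print(f"{label}: {summary} -> {verdict}")
```

In the rename-only case the verdict tells a responder that the data is recoverable by reverting names, whereas a batch of high-entropy rewrites points at genuine encryption and a very different recovery path. On real systems the before-snapshot would come from backups, shadow copies or a file-integrity monitor rather than from in-memory samples as here.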


As for the control system attacks, the researchers said the PLCs were mostly tar ..
