Trend Micro has announced the results of a sophisticated six-month operational technology (OT) honeypot operation imitating an industrial factory, aimed at attracting fraud- and financially-motivated exploits.
The investigation revealed that unsecured industrial environments are primarily victims of common threats. The honeypot was compromised for cryptocurrency mining, targeted by two separate ransomware attacks, and used for consumer fraud.
“Too often, discussion of cyber threats to industrial control systems (ICS) has been confined to highly sophisticated, nation-state level attacks designed to sabotage key processes,” says Greg Young, vice-president of cybersecurity for Trend Micro.
“While these do present a risk to Industry 4.0, our research proves that more commonplace threats are more likely.
“Owners of smaller factories and industrial plants should therefore not assume that criminals will leave them alone. A lack of basic protections can open the door to a relatively straightforward ransomware or cryptojacking attack that could have serious consequences for the bottom line.”
To better understand the attacks targeting ICS environments, Trend Micro Research created a realistic industrial prototyping company.
The honeypot consisted of real ICS hardware and a mix of physical hosts and virtual machines to run the factory, which included several programmable logic controllers (PLCs), human machine interfaces (HMIs), separate robotic and engineering workstations and a file server.
“Africa still boasts highly active industrial businesses, from manufacturing, to mining and engineering,” comments Indi Siriniwasa, vice-president: sub-Saharan Africa for Trend Micro. “While many are ramping up their use of IoT systems, some are still grappling with upgrading their backend infrastructure.
“By using a honeypot to detect unauthorised use of these industrial systems paired with continued diligence and utilising secure computing techniques, industries can increase their security posture to be able to deflect and defend against attacks to their OT environments.”
Trend Micro urges smart factory owners to minimise the number of ports they leave open and to tighten access control policies, among other cybersecurity best practices.
In addition, implementing cybersecurity solutions designed for factories can help further mitigate the risk of attack.