Fake Company, Real Threat


In a fully functioning smart factory, every process must begin and end with precision and uninterrupted operation so that it can weave seamlessly into the facility’s production line. However, behind the normal hum of a smart factory’s day-to-day business lurks the possibility of attacks from threat actors.

To determine how knowledgeable and ingenious threat actors could be in compromising a manufacturing facility, we conducted research in 2019 that essentially had us simulating a factory of our own. Using our most realistic honeypot to date, we created an environment that could lure cybercriminals into carrying out attacks and at the same time give us an all but unimpeded look at their actions.

We designed our pure-production honeypot to mimic a real system, including programmable logic controllers, a human-machine interface (HMI), and other components of an industrial control system (ICS). We then created a cover company for this faux factory: a rapid prototyping consultancy firm with ostensibly real human employees, working contact channels, and a client base composed of large anonymous organizations from critical industries. This ruse proved effective, as shown by the different types of attacks our honeypot attracted.

Our research paper, “Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats,” contains the full details of our honeypot, from its conceptualization to the description of noteworthy attacks we encountered on it. Here we recount some of the highlights of our honeypot’s monthslong run.


About the author, Richard

Over 28+ years of hands-on experience working in the hi-tech and cyber security industry in a number of leading roles, as an individual contributor and in management. Currently serving as Sr. Vice President of Commercial IoT Security Business and Market Development. Prior to the current role, I served as Sr. VP and head of product management for Trend Micro Enterprise and Small Business Foundation (User Protection Group) Security Product and Services reporting to the CEO. Previous roles include: Vice President, Consumer Products and Services Management; Vice President, Small and Medium Business Products and Services Management; Sr. Director, Small and Medium Business Products and Services Management; Sr. Director, Client/Server/Messaging Enterprise Group; Sr. Product Manager - ScanMail family, OfficeScan, InterScan Virus Wall and Worry-Free Family, Malware Researcher and System Engineer. Responsible for the development of new strategies and the revitalization of Trend Micro foundation business over the years.
