Fake Company, Real Threat
In a fully functioning smart factory, every process must begin and end with precision and uninterrupted operation so that it can weave seamlessly into the facility’s production line. However, behind the normal hum of a smart factory’s day-to-day business lurks the possibility of attacks from threat actors.
To determine how knowledgeable and ingenious threat actors could be in compromising a manufacturing facility, we conducted research in 2019 that essentially had us simulating a factory of our own. Using our most realistic honeypot to date, we created an environment that could lure cybercriminals into carrying out attacks and at the same time give us an all but unimpeded look at their actions.
We designed our pure-production honeypot to mimic a real system, including programmable logic controllers, a human-machine interface (HMI), and other components of an industrial control system (ICS). We then created a cover company for this faux factory: a rapid prototyping consultancy firm with ostensibly real human employees, working contact channels, and a client base composed of large anonymous organizations from critical industries. This ruse proved effective, as shown by the different types of attacks our honeypot attracted.
Our research paper, “Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats,” contains the full details of our honeypot, from its conceptualization to the description of noteworthy attacks we encountered on it. Here we recount some of the highlights of our honeypot’s monthslong run.