Trend Micro’s Fake Factory OT Honeypot Lures Real Threat Actors

Cybersecurity solutions provider Trend Micro revealed the results of its six-month operational technology (OT) honeypot, which was a look-alike of a real industrial factory. The aim of creating an OT honeypot was to discover potential threat actors that could carry out malicious cyberattacks, exploits, and consumer fraud.

By Pooja Tikekar, Feature Writer at CISO MAG

Deployment of the Honeypot

The team at Trend Micro built a real-time environment that consisted of programmable logic controllers, a human-machine interface (HMI), and other components of an industrial control system (ICS). The faux company presented itself as a rapid prototyping consultancy firm, MeTech, with real human employees, working contact channels, and a client base of organizations from critical industries. The team also designed a professional-looking website using a free web template.

Trend Micro’s research paper, titled “Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats,” revealed that the MeTech honeypot went online in May 2019 through Virtual Network Computing (VNC) and used the same password for multiple workstations. It purposely leaked sensitive information to lure more attackers.

The live honeypot was compromised by cyberthreats such as cryptocurrency mining, system shutdowns, and ransomware infections such as Crysis.

Talking about the rise in industrial cyberthreats, Trend Micro’s Vice President, Greg Young, said, “Too often, discussion of cyberthreats to industrial control systems (ICS) has been confined to highly sophisticated, nation-state level attacks designed to sabotage key processes. While these do present a risk to Industry 4.0, our research proves that more commonplace threats are more likely.”

Young further added, “Owners of smaller factories and industrial plants should therefore not assume that criminals will leave them alone. A lack of basic protections can open the door to relatively straightforward ransomware or cryptojacking attack that could have serious consequences for the bottom line.”

Honeypots Across the Globe

In 2019, cybersecurity company Kaspersky planted more than 50 honeypots across the globe to trap cybercriminals. The honeypot experiment detected 105 million attacks on Internet of Things (IoT) devices, coming from 276,000 unique IP addresses. The company stated that the number of attacks was nine times greater than the number found in the first six months of 2018.


About the Author

Pooja Tikekar is a Feature Writer, and part of the editorial team at CISO MAG. She writes news and feature stories on cybersecurity trends.