Trend Micro creates honeypot to analyse security threats, gets subjected to ransomware & cryptocurrency mining – Economic Times

Trend Micro, the multinational cybersecurity firm, announced today the results of a six-month-long investigation into how hackers target unsecured industrial factories. The Tokyo-headquartered company created a honeypot that imitates a factory operating in an unsecured industrial environment. The experiment found that its sophisticated Operational Technology (OT) honeypot attracted financially motivated exploits.

Some of the common threats that its mock industrial environment was subjected to include cryptocurrency mining and remote access. Two separate ransomware attacks illegitimately installed software that was used for consumer fraud.

"Too often, discussion of cyber threats to industrial control systems (ICS) has been confined to highly sophisticated, nation-state level attacks designed to sabotage key processes. While these do present a risk to Industry 4.0, our research proves that more commonplace threats are more likely," said Greg Young, vice president of cybersecurity for Trend Micro.

The honeypot went live on May 6, and the human machine interfaces (HMIs) were exposed online without access control. To create the prototype of a realistic industrial company, the same password was used for several workstations.

A mix of virtual machines and physical hosts was used to run the factory. This included programmable logic controllers (PLCs) and human machine interfaces (HMIs). Separate engineering and robotic workstations were employed, which were mapped to a file server.

As the number of attacks went up, some of the threat actors became repeat offenders. A couple of months after going live, an attacker downloaded a cryptocurrency miner, which was later used to relaunch the miner and use the host's hardware to mine cryptocurrency. Some of the other consequences from attacks included reconnaissance by malicious actors, which at times caused system shutdowns.

"More hackers appeared on our system. One of the most notable was behind a Crysis ransomware infection on Sept. 22. We watched as this threat actor downloaded the ransomware through TeamViewer and continued with their routine, up to the point they left the ransom note. We even interacted and haggled with the threat actor through an exchange of emails," said the official report.

On October 16, 2020, a security breach led to a robotic workstation sending out a beacon as a part of its lateral movement. A second ransomware attack on October 21 used a Phobos variant of the earlier attack.

Some hackers were more benevolent. On November 1, an attacker left a well-intentioned note advising the admin to put a password on their systems. "On Nov. 12, we saw an interesting attack that disguised itself as a ransomware campaign, when in fact the threat actor behind it had simply renamed our files. Two days later, on Nov. 14, this threat actor came back to the system to delete files and leave open tabs of a porn site on our desktop," the report said.

"Owners of smaller factories and industrial plants should therefore not assume that criminals will leave them alone. A lack of basic protections can open the door to a relatively straightforward ransomware or cryptojacking attack that could have serious consequences for the bottom line," said Greg Young, Trend Micro's VP of cybersecurity.

The company urges smart factory owners to reduce the number of ports left open to external connections, and to enforce cybersecurity best practices like changing access control policies. While it is difficult to completely mitigate attacks, the researchers argue that investing in basic cybersecurity products could prove to be a major deterrent.