Following the many incidents of cyber-attacks on factory and industrial environments, the cybersecurity firm Trend Micro set up a honeypot that looked exactly like a genuine industrial setting. Considerable effort went into making it look genuine enough to entice hackers.
The cybersecurity firm created a fictitious company named MeTech. They also created a fake website describing how the company served clients in the high-tech sector, which has been a major target of hackers. They attached a network, servers, and desktops to the fake company and made sure there were obvious vulnerabilities to appeal to hackers.
Among the honeypot's weaknesses were Virtual Network Computing (VNC) with no access control, the same password reused across different workstations on the network, and an unsecured, internet-facing remote desktop port. The website carried bios and images of people who supposedly worked for the company.
Image Source: www.timesofisrael.com
Artificial intelligence was used to create the headshots to make the brand more convincing. After building the honeypot, the researchers exposed these deliberately created vulnerabilities of the industrial environment online. The honeypot went live in May 2019 and, just as expected, cybercriminals came around and attempted to attack it.
A number of hackers entered the system's network and performed reconnaissance in the industrial environment to check whether they could steal any sensitive information. The report established that some hackers even tried to shut down the system. There were repeated attacks that sought to shut down the fake factory's systems.
Another malicious actor who made his way into the network installed cryptocurrency mining malware to generate Bitcoin. That was not a one-time attempt: the attacker returned repeatedly to relaunch the mining malware.
In September 2019, a malicious actor was reported to have conducted reconnaissance to get a clear picture of the target. The actor then used remote desktop access and TeamViewer to deploy Crysis ransomware on the network. The ransom note instructed the victim to pay $10,000 in order to get the decryption key for the encrypted files.
A researcher communicated with the attacker, posing as an employee of the fake MeTech company. The malicious actor then asked for a reduced amount of $6000. The researchers then reset the system to its original state, as reported.
A month after this incident, another malicious actor installed Phobos ransomware, which the researchers removed. Many other attacks were recorded, including one in which a hacker tried to get PowerShell commands to work and then launched a fake ransomware attack.
To make it look genuine, he changed the command names and left a note demanding a ransom in exchange for the decryption key. Researchers shut down the honeypot in December 2019 after obtaining all the information they needed on how attackers hit the factory and industrial environment with ransomware; most of the cases came from ordinary hackers.
According to Greg Young, Vice President of Trend Micro, the research reveals that commonplace threats are more likely to hit Industrial Control Systems, contrary to the many discussions that attribute such attacks to highly sophisticated, state-sponsored hacker groups. He stated that owners of smaller industries and factory plants should understand that they are not immune from ransomware attacks, as hackers are always ready to find vulnerabilities and hit them with various malware. It is therefore important to protect themselves by patching all security flaws.
Image Source: www.zdnet.com
It was recommended that access to an industrial environment be tightly controlled by setting a strong, unique password on each system. It was also recommended that two-factor authentication be enabled to make it harder for third parties attempting to access the environment. Systems should be updated frequently to patch security flaws, so that attackers cannot use known vulnerabilities of an industrial environment to reach sensitive information. It is also important to avoid clicking on suspicious emails to avoid becoming a victim of ransomware attacks.
This research reveals that hackers out there are very eager and always ready to launch an attack, with malware of low or high potency. Industries must also keep the number of open ports facing the internet to a minimum to make it more difficult for hackers.
Cybercrime has been a constant threat to industries across the world, and many businesses have collapsed following a single strike by malicious actors. It is hoped that this report will be a wake-up call for industries to invest heavily in cybersecurity.
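The weaknesses the honeypot deliberately exposed (VNC without access control, one password reused across workstations, an internet-facing remote desktop port) and the recommendations above (unique passwords, two-factor authentication, as few internet-facing ports as possible) can be checked mechanically against a host inventory. The script below is an added example, not part of the original article and not Trend Micro's tooling; the `Host` record layout, the sample inventory and the `password_fingerprint` field are all constructed assumptions standing in for whatever a real asset inventory would carry.

```python
# Added example: audit a host inventory for the misconfigurations the MeTech
# honeypot exposed. Not part of the original article or Trend Micro's code.
# The Host layout and SAMPLE_INVENTORY are constructed; `password_fingerprint`
# is a hypothetical identifier for the local admin credential on each host.
from collections import defaultdict
from dataclasses import dataclass

# Remote-access services that should never be reachable from the internet.
REMOTE_ACCESS_PORTS = {3389: "RDP", 5900: "VNC", 5901: "VNC"}
VNC_PORTS = {5900, 5901}


@dataclass
class Host:
    name: str
    listening: dict                 # port -> service name
    internet_facing: set            # listening ports exposed externally
    vnc_requires_auth: bool = True  # False reproduces the honeypot's VNC flaw
    mfa_enabled: bool = False       # two-factor auth on remote access
    password_fingerprint: str = ""  # hypothetical: hash/ID of the local admin password


def audit(hosts):
    """Return a list of (host, finding) tuples, one per weakness found."""
    findings = []
    by_fingerprint = defaultdict(list)

    for h in hosts:
        # 1. RDP/VNC reachable from the internet (the honeypot's exposed RDP port).
        for port in sorted(h.internet_facing):
            if port in REMOTE_ACCESS_PORTS:
                findings.append((h.name, f"{REMOTE_ACCESS_PORTS[port]} on port {port} is internet-facing"))
        # 2. VNC listening with no access control.
        if VNC_PORTS & set(h.listening) and not h.vnc_requires_auth:
            findings.append((h.name, "VNC is listening without authentication"))
        # 3. Any remote-access service without two-factor authentication.
        if set(h.listening) & set(REMOTE_ACCESS_PORTS) and not h.mfa_enabled:
            findings.append((h.name, "remote access has no two-factor authentication"))
        if h.password_fingerprint:
            by_fingerprint[h.password_fingerprint].append(h.name)

    # 4. The same password reused across workstations.
    for names in by_fingerprint.values():
        if len(names) > 1:
            for n in names:
                others = ", ".join(x for x in names if x != n)
                findings.append((n, f"local password shared with {others}"))
    return findings


# Constructed sample inventory: two engineering workstations and one HMI.
SAMPLE_INVENTORY = [
    Host("eng-ws01", {3389: "RDP", 5900: "VNC"}, {3389}, vnc_requires_auth=False,
         mfa_enabled=False, password_fingerprint="fp-aaaa"),
    Host("eng-ws02", {5900: "VNC"}, set(), vnc_requires_auth=True,
         mfa_enabled=False, password_fingerprint="fp-aaaa"),
    Host("hmi-01", {502: "Modbus"}, set(), mfa_enabled=True,
         password_fingerprint="fp-bbbb"),
]


def findings_by_host(hosts=SAMPLE_INVENTORY):
    """Group audit findings per host; hosts with no findings are omitted."""
    grouped = defaultdict(list)
    for name, finding in audit(hosts):
        grouped[name].append(finding)
    return dict(grouped)


if __name__ == "__main__":
    for host, items in findings_by_host().items():
        print(host)
        for item in items:
            print("  -", item)
```

Run as-is it reports four findings for `eng-ws01`, two for `eng-ws02` and none for the HMI; in practice the inventory would come from an asset database or a network scan of your own environment, and the password-reuse check needs a credential fingerprint your directory or vault can supply.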