Honeypot for SCADA attacks
Industrial control systems created for the sake of doing honeypot research... that is, research involving baits to see how fast hackers work in bringing them down... that controls critical systems such as factories, power plants, and factories were able to attract a whole swarm of international cyber terrorists like, appropriately enough, bees coming back to their hive full of honey. This happened as soon as they went online, and these systems were Internet-facing and full of vulnerabilities to boot. It's too hard for hackers to resist something that seemed too good to be true, but then again, lackadaisical security has happened before and their hacking experience kept them from being able to tell bait from the real thing.
According to Trend Micro's honeypot research
The attacks were swift and sustained. The online outlaws were upon the honeypots like sharks would to blood. The crackers were on a feeding frenzy, to be true. The vulnerabilities of SCADA are being studied thoroughly by information research groups for over three years thanks to noteworthy cyber attacks such as Duqu, Stuxnet, and the like. SCADA security expert and Trend Micro threat researcher Kyle Wilhoit decided to look into the phenomenon on how cyber attacks work and whatnot up close and person by putting up an Internet-facing honeypot that typically attracts the kind of "flies" one would expect from the Worldwide Web at large.
More to the point, it's a honeypot composed of multiple vulnerabilities that hackers typically salivate over. It will serve as a means to record potential attacks, how fast they come, where they come from, the methods employed to exploit the security holes, how long it takes for hackers to hack through the honeypot, and so forth. The honeypot is also a great SCADA device mimicker, such that a veritable plague of malware-toting hackers converged on it like a biblical natural disaster of sorts during the time of Moses. In less than a day, 39 attacks happened from 14 different countries. Attacks included spear-phishing attempts, ICS protocol exploitation, and changing CPU fan speed.
At any rate, the honeypot architecture proved vital in exposing quite a lot of information in terms of hacker behavior. Three honeypots were used... one offers PLC or programmable logic controller hosted on Amazon EC2 and running on Ubuntu, another mimicked a PLC production system connected to a control interface, while the last one is an actual PLC device that's used to control factory temperature systems. The Internet-facing sites were then provided SEO for Google to ensure they're easy to find by would-be crackers.
Powerful UTM Firewall, Vulnerability Scanner, WiFi Penetration Testing software
SecPoint is specialized to deliver the best IT security solutions and products.