Critical Infrastructure Security, Threat Management, Malware, Network Security

Cybercriminals waste no time breaking into experimental honeypot designed to look like ICS environment

A research honeypot set up to look like an electric company's power transmission substation network was compromised by a dark web hacker within two days of it going online -- yet another sign that industrial control systems are increasingly becoming targets of not just nation-states, but also traditional cybercriminals.

Cybereason, whose researchers conducted the experiment in the second quarter of 2018, detailed its findings in a report released on Tuesday. Co-authors Israel Barak, CISO of Cybereason, and Ross Rustici, senior director of intelligence services, noted that within 48 hours of the honeypot's launch, a seller for the xDedic black market accessed the fake network and installed a malicious toolset called xDedic RDP Patch, along with several backdoors, all in an effort to sell the asset to a prospective buyer.

In the days following the takeover, the honeypot was reportedly barraged with bots specializing in cryptomining, phishing and DDoS, before a third party believed to be the buyer accessed one of the backdoors created by the seller.

“In two days, the attackers got into the environment, conducted reconnaissance aimed at finding an entry point from the IT environment to the OT environment, which is really what they wanted,” Barak said in the release. 

“The biggest lesson learned from the honeypot is that multiple tiers of attackers find ICS environments interesting. That's increasing risk for people who operate those types of systems. The security basics are really what's going to prevent a bad day from becoming a catastrophic day,” added Rustici.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.