Presented at
Black Hat Asia 2020 Virtual,
Oct. 1, 2020, 11:20 a.m.
(40 minutes)
<p>Designing realistic ICS honeypot requires substantial time and resource investment, as well as in-depth knowledge not only of the technical aspects, but of industrial automation process. Over most of 2019, we designed and built a factory honeypot that is so real, the only thing missing is the actual products coming out of it!</p><p>For this talk, we will share our experience on how much effort we went through to make a realistic honeypot - from building a backstory for the company to the internals of our honeypot infrastructure. Then, we will highlight incidents we came across while running the honeypot since May 2019. We examined different incidents encountered, from ransomware attacks to industrial espionage and sabotage, and identify the objectives of our attackers.</p><p>Finally, we will discuss some recommendations and lessons we learned from running a honeypot and to answer the question: Did we do enough to attract attackers thinking they were targeting a real factory?"</p>
Presenters:
-
Charles Perine
- Senior Threat Researcher, Trend Micro
Charles Perine is a Senior Threat Researcher for Trend Micro with 15 years of experience in computer and network security. Much of his focus during that time has been dedicated to ICS security. He enjoys breaking hardware and software.
Links:
Similar Presentations: