Ransomware: Hackers took just three days to find this fake industrial network and fill it with malware

This 5/11/2020 article in ZDNet illustrates how ready, willing and able cyber-hackers are to penetrate critical infrastructure. Key excerpts below…

“…Security company Cybereason built a 'honeypot' designed to look like an electricity company with operations across Europe and North America. The network was made to look authentic to entice potential attackers by including IT and operational technology environments, as well as human interface systems…

…The honeypot went live earlier this year and it was only three days until attackers discovered the network and were finding ways to compromise it – including a ransomware campaign that infiltrated chunks of the network, as well as grabbing log-in credentials.

"Very early after launching the honeypot, the ransomware capability was placed on every compromised machine," Israel Barak, chief information security officer at Cybereason, told ZDNet…

…while other hackers were more interested in performing reconnaissance on the network – as was the case with a previous honeypot experiment.

While that might not sound as dangerous as ransomware, an attacker looking to find ways they could exploit the network of what they thought to be an electricity provider could have potentially dangerous consequences.

…Fortunately, the attackers targeting the honeypot couldn't do any real damage – but the experiment demonstrates how networks supporting critical infrastructure need to be resilient enough to fend off unwanted intrusions by designing and operating networks with resiliency in mind – especially when it comes to segregating IT and operational technology networks.”
