Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Businesses Network Privacy The Internet IT

Trend Micro Set Up a Fake Tech Company and Honeypot To Study Cyber Criminals (zdnet.com) 16

DesScorp writes: In an effort to better understand the latest threats to IT systems, antivirus and security company Trend Micro created a fake tech company, complete with AI-generated photos of fake employees, in order to build a honeypot environment that looked like an actual, working tech factory environment. "Malicious hackers are targeting factories and industrial environments with a wide variety of malware and cyberattacks including ransomware, cryptocurrency miners -- and in some cases they're actively looking to shut down or disrupt systems," reports ZDNet. "All of these incidents were spotted by researchers at cybersecurity company Trend Micro who built a honeypot that mimicked the environment of a real factory. The fake factory featured some common cybersecurity vulnerabilities to make it appealing for hackers to discover and target."

The report adds: "To help make the honeypot as convincing as possible, researchers linked the desktops, networks and servers to a false company they called MeTech and created a website detailing how the manufacturer served clients in high-tech sectors including defense and aerospace -- popular targets for hacking. The website even featured images and bios of people who supposedly worked for the false brand, with headshots generated by artificial intelligence in an effort to make the honeypot look as much like a legitimate company as possible." Trend Micro even leaked details of system vulnerabilities in things like Virtual Network Computing (VNC) access to further lure criminals in. The fake company was attacked by everyone from ransomware actors to cryptocurrency miners, to hackers that did "recon" to look for possible industrial espionage data.

This discussion has been archived. No new comments can be posted.

Trend Micro Set Up a Fake Tech Company and Honeypot To Study Cyber Criminals

Comments Filter:
  • No real company would allow/trust Trend to monitor their actual networks, so they made their own with hookers and blackjack.

  • Sounds amateur-ish (Score:4, Informative)

    by ugen ( 93902 ) on Thursday January 23, 2020 @09:28PM (#59650258)

    "AI generated" photos and a website, oh boy.
    Serious attackers would take at least a few minutes to search:
    - Staff and mgmt bios (Linkedin, social networks)
    - Check industrial listings (D&B, Lexisnexis, corporate records)
    - Government bid information for fed. projects
    All of that would quickly lead to the conclusion that this "company" is fake, at which point the only attackers would be automated scripts and those after a low hanging fruit.

    • And the ones that wanted to know what could be worth all that trouble to fake up...

    • by kot-begemot-uk ( 6104030 ) on Friday January 24, 2020 @04:21AM (#59650994) Homepage
      Exactly. Anything else aside some social engineering +/- a cute Russian hooker is CHEAPER than the price per hour charged by a real hacker group. For that you need the "social" scoop. So all they got were the automated bots - something they could get without all that trouble.

      In order to get an idea of what is involved and what is the price per hour of a real pro, have a look at some of the work done by Alisa Shevchenko: https://en.wikipedia.org/wiki/... [wikipedia.org] or here https://3dnews.ru/912856/?feed [3dnews.ru]

      Her per hour rate used to be high enough so she could afford to work only 6 months of the year and the rest spend gallivanting around Thailand and engaging in her fav hobby of Tai boxing.

      Her average time to completely gut an IoT system including building control, surveillance, etc including ones rated for USA and UK government use was reported to be under one hour. Similar times to gut banking security or penetrate a "company" setup like the one described.

      One of the BIGGEST idiocies ever done in the security scene was when her USA competitors got USA to slap her with sanctions. So now, instead of having proper security audit and pen testing we have to trust the likes of Trend Micro. It will probably be too late to revisit that after an elevator in an "interesting building" somewhere slams into the ground at maximum speed taking its contents to whatever circle of Hell they are destined to (one of the companies she worked for was Sneider Electric - the guys which do both elevators and building control systems including ones used in a LOT of USA and UK government buildings).

      • Here's how anyone can hack a company in under 1 hour:

        1. 1. Craft a great resume for an open IT position
        2. 2. Add exploit to resume PDF or DOCX
        3. 3. Send resume to company HR

        The rest is taken care of:

        1. 1. HR forwards to head of IT
        2. 2. Head of IT forwards to some of his top team members for review

        It usually really is this easy. This is the first thing everyone tries and it works 90% of the time. All of that training about "don't click on suspicious links" is out the window when the company makes it someone's job to o

  • They put a lot more effort into creating the honeypot than the results merited. They got one capably managed ransomware attack and two script kiddies but no one was interested in launching the Stuxnet type industrial systems attack they meticulously planned for. And I think the reason for that's obvious: those threat actors are probably foreign governments not black hat randos, they're targeting known real government subcontractors and aren't searching the internet to find any, so potemkin villages will be

No spitting on the Bus! Thank you, The Mgt.

Working...