• About Us
  • Advertising
  • Digital Magazine
  • Supplements
  • Media Pack
  • Privacy Policy
  • Contact us
CXO Insight Middle East
  • News
  • Opinion
  • Business
    • Industries
      • Transport
      • Retail
      • Government
      • Real Estate
      • Education
      • Energy
      • Banking and Finance
    • Channel
  • Future
    • Tech
    • Gadgets
    • Science
    • Space
    • Sustainability
  • Events
    • Channel Insights Summit 2025
    • Insight Innovation Summit
    • CXO50 Oman
    • CXO50
    • ICT Awards
      • Dubai 2025
      • Saudi Arabia
    • Cyber Strategists Summit
    • Cloud Connect 2025
    • Channel Awards 2024
    • All events
  • GITEX
  • Digital Magazine
No Result
View All Result
CXO Insight Middle East
  • News
  • Opinion
  • Business
    • Industries
      • Transport
      • Retail
      • Government
      • Real Estate
      • Education
      • Energy
      • Banking and Finance
    • Channel
  • Future
    • Tech
    • Gadgets
    • Science
    • Space
    • Sustainability
  • Events
    • Channel Insights Summit 2025
    • Insight Innovation Summit
    • CXO50 Oman
    • CXO50
    • ICT Awards
      • Dubai 2025
      • Saudi Arabia
    • Cyber Strategists Summit
    • Cloud Connect 2025
    • Channel Awards 2024
    • All events
  • GITEX
  • Digital Magazine
No Result
View All Result
CXO Insight Middle East
No Result
View All Result

Cybereason Honeypot Traps Hackers Targeting ICS

by CXO Staff
June 15, 2020
in News

Cybereason has published findings from its latest honeypot that was created to analyse the tactics and procedures used by hackers

Israel Barak, Cybereason

Israel Barak, Cybereason

Endpoint protection company Cybereason has published findings from its latest honeypot that was created to analyse the tactics, techniques, and procedures used by hackers to target critical infrastructure providers. This project has revealed hackers have adopted multistage ransomware attacks as part of hacking operations against industrial control systems (ICS).

The honeypot IT and OT (operational technology) environment was built to look like a large electricity company with operations in North America and Europe. Cybereason successfully launched a similar honeypot two years ago looking at the same industry.

The report titled “Cybereason’s Newest Honeypot Shows How Multistage Ransomware Attacks Should Have Critical Infrastructure Providers on High Alert” is based on attacks to a network architecture masquerading as part of an electricity generation and transmission provider’s network, including an IT and OT environment and HMI (human machine interface) management systems. The environment employed customary security controls including segmentation between the different environments.

Once the honeypot went live, hackers compromised the network within three days by brute forcing the admin password, which had medium complexity. Attackers placed ransomware on every compromised machine early in the process but didn’t detonate it immediately. After the other stages of the attack were completed (including data theft, user password stealing and propagation across the network), the attacker detonated the ransomware across all compromised endpoints simultaneously. This is a common trait to multistage ransomware campaigns, that is intended to amplify the impact of the attack on the victim.

“Ransomware threats to critical infrastructure providers should be a top concern for security teams. In the ICS industry, we are seeing fewer strains of ransomware yet the existing strains rake in more gains. Hackers do this by better targeting and making more money from each target. We can expect to see an increase in multistage ransomware embedded into hacking operations in the foreseeable future,” said Israel Barak, Chief Information Security Officer, Cybereason.

In this new research, the Cybereason team identified multiple attackers executing ransomware operations involving data theft, the stealing of user credentials, and lateral movement across the victims network to compromise as many endpoints as possible. This includes critical assets like the domain controllers, which could take between several minutes to several hours to properly infiltrate.

Ransomware capabilities were deployed early on in the hacking operation, but it was not immediately detonated. The ransomware was designed to detonate only after preliminary stages of the attack finished across all compromised endpoints in order to achieve maximum impact on the victim.

This operational attack pattern attempts to impact as many victim assets as possible, representing a higher risk to organisations compared to ransomware attacks that impact the single machine they initially access. However, this operational pattern also represents an opportunity for defenders with a rapid detection and response process to detect the attack at its early stages and respond effectively before ransomware is able to impact the environment.

“Attackers are succeeding in hacking operations against ICS operators by breaking in and debilitating the business and demanding huge ransoms. Because many organisations now purchase cyber insurance, we are seeing an increase in the number of ransoms being paid as opposed to patching the holes in the network that enabled the hackers to gain access in the first place. These brazen intrusions will continue until the cost of the insurance becomes comparable to the cost of fixing the problem,” added Barak.

Tags: CybereasonIsrael Barakransomware
ShareTweet

Related Posts

ManageEngine appoints Sujoy Banerjee as UAE regional business director
Business

ManageEngine appoints Sujoy Banerjee as UAE regional business director

ManageEngine has appointed Sujoy Banerjee as its regional business director for the UAE. In this new role, Banerjee will oversee...

July 8, 2025
Omantel, UAE’s du launch high-capacity subsea cable
Future

Omantel, UAE’s du launch high-capacity subsea cable

Omantel and UAE's du have officially launched the Oman Emirates Gateway (OEG)—a 275-kilometre international fibre optic submarine cable system that...

July 8, 2025

Discussion about this post

Latest Issue

UAE announces AI-driven strategic planning cycle to accelerate 2031 vision

UAE announces AI-driven strategic planning cycle to accelerate 2031 vision

July 8, 2025
ManageEngine appoints Sujoy Banerjee as UAE regional business director

ManageEngine appoints Sujoy Banerjee as UAE regional business director

July 8, 2025
Omantel, UAE’s du launch high-capacity subsea cable

Omantel, UAE’s du launch high-capacity subsea cable

July 8, 2025

The most trusted source of strategic intelligence for IT decision makers in the Middle East.

About

  • About Us
  • Advertising
  • Digital Magazine
  • Supplements
  • Media Pack
  • Contact Us

Policies

  • Privacy Policy

© 2024 – CXO Insight Middle East. All Rights Reserved.

Facebook-f X-twitter Linkedin
Separated they live in Bookmarksgrove right at the coast of the Semantics, a large language ocean. A small river named Duden.

About

  • About Us
  • Site Map
  • Contact Us
  • Career

Policies

  • Help Center
  • Privacy Policy
  • Cookie Setting
  • Term Of Use

Join Our Newsletter

© 2024 – CXO Insight Middle East. All Rights Reserved.

Facebook-f Twitter Youtube Instagram

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Join our mailing list
Sign up here to get the latest news, updates and special offers delivered directly to your inbox.
No Result
View All Result
  • News
  • Opinions
  • Business
    • Industries
      • Transport
      • Retail
      • Government
      • Real Estate
      • Education
      • Energy
      • Banking and Finance
  • Channel
  • Future
    • Tech
    • Gadgets
    • Science
    • Space
    • Sustainability
  • Events
    • Channel Insights Summit 2025
    • Insight Innovation Summit
    • CX50 Oman
    • CXO50
    • ICT Awards
      • Dubai
      • Saudi Arabia
    • Cyber Strategists Summit
    • Cloud Connect 2025
    • Channel Awards 2023
    • All events
  • Videos
  • GITEX GLOBAL
  • Digital Magazine

© 2024 - CXO Insight Middle East. All Rights Reserved.