Cybereasonâs Newest Honeypot Trapped Hackers Infiltrating Critical Infrastructure Networks to Carry Out Multistage Ransomware Attacks>
SF Gate
Cybereason, a leader in endpoint protection, today published findings from its newest honeypot that was created to analyze the tactics, techniques, and procedures used by hackers to target critical infrastructure providers.

The report titled âCybereasonâs Newest Honeypot Shows How Multistage Ransomware Attacks Should Have Critical Infrastructure Providers on High Alertâ is based on attacks to a network architecture masquerading as part of an electricity generation and transmission providerâs network, including an IT and OT environment and HMI (human machine interface) management systems. The environment employed customary security controls including segmentation between the different environments.

Once the honeypot went live, hackers compromised the network within three days by brute forcing the admin password, which had medium complexity. Attackers placed ransomware on every compromised machine early in the process but didnât detonate it immediately. After the other stages of the attack were completed (including data theft, user password stealing and propagation across the network), the attacker detonated the ransomware across all compromised endpoints simultaneously. This is a common trait to multistage ransomware campaigns, that is intended to amplify the impact of the attack on the victim.
Link: https://www.sfgate.com/business/press-releases/article/Cybereason-s-Newest-Honeypot-Trapped-Hackers-15333939.php