Earlier this year, Cybereason launched its latest honeypot to analyze the tactics, techniques, and procedures used by state-sponsored groups and cyber crime actors to target critical infrastructure providers. This honeypot was a follow up to a previous successful honeypot launched two years ago in 2018 looking at the same industry. The honeypot was built to look like an electricity company with operations in North America and Europe. In this new research, the Cybereason team identified multiple attackers executing ransomware operations involving data theft, the stealing of user credentials, and lateral movement across the victims network to compromise as many endpoints as possible. This includes critical assets like the domain controllers, which could take between several minutes to several hours to properly infiltrate.
The honeypot is a clear example of why governments must invest heavily in cybersecurity for critical infrastructure. Such attacks have been a worrying trend for several years. President Obama recognised the problem and signed an executive order to enhance critical infrastructure security in 2013. Infrastructure is high on the target list of nation-state actors because a successful attack could cripple a very large area and affect thousands or even millions of people. Major utilities like water, energy, communication, and transportation are all under threat of cyber attacks. Defending against these attacks requires high standards of both operational, physical, and information security.