A Honeypot (honey jar in literal translation) is a tool that has the function of purposely simulating security flaws in a system and collecting information about intruders.
Through a set of systems it is possible to simulate in cyberspace a real environment to assess which methods are used by criminals and, thus, identify how the attack is made to discover the profile of the attacker, which is different in each industrial branch, and what tools he uses to commit crimes. “It is possible to create a complete environment of an industrial network exposed on the web, without the attacker realizing that he is not even invading a real target”, explains Marcelo Branquinho, CEO of TI Safe, and adds: “While the hacker he believes he is doing well by invading a large industry, all the alleged attack is monitored ”, he reveals. In this way, TI Safe is able to profile the attacker and understand in detail the operating modes of each one, where the attack comes from, which domains, etc. “We developed a Honeypot, with virtual machines with open IPs, that simulates industrial communication, we reproduce PLC interfaces and other industrial systems and with that we are able to identify the attack patterns and configure our customers' defense systems for real situations”, he explains Marcelo.
The hackers who attacked the honeypot do no real damage, but the experiment demonstrates how critical infrastructures need to be strong enough to prevent unwanted intrusions, designing and operating networks with resilience.