Researchers found that a large portion of internet-exposed industrial control systems (ICS) are actually honeypots designed to attract attackers. Their analysis revealed that the proportion of ICS honeypots increased from 15% to 25% over one year, highlighting challenges in accurate detection. #ICSHoneypots #ShodanHoneyscore
Keypoints
- Approximately 15% of internet-exposed ICS devices in April 2024 were honeypots, rising to 25% by January 2025.
- Researchers used criteria such as software signatures, network type, and open ports to identify honeypots with varying confidence levels.
- The study challenges previous assumptions about ICS exposure by revealing a higher number of honeypots among detected systems.
- Methodologies can be applied across different data sources like Shodan and independent scans for more accurate detection.
- Shodan filters out ICS honeypots in its searches, reflecting an increased deployment of deceptive systems in the industrial sector.
Read More: https://www.securityweek.com/up-to-25-of-internet-exposed-ics-are-honeypots-researchers/