SecurityWeek reports that nearly 150,000 internet-exposed industrial control system devices worldwide could be compromised in cyberattacks, with the rate of online devices used as honeypots increasing from almost 15% in April 2024 to 25% in January 2025.
Honeypots have been identified with high confidence through the use of certain signatures, according to a report from Censys. Researchers have also been able to determine honeypots not only by examining ICS deployments' network type, with legitimate ICS connected to industrial networks, but also by assessing the number of open ports in devices, with the higher prevalence of exposed ports associated with higher odds of the device being a honeypot. "Our methodology and findings challenge previous ICS studies which either partially considered or completely overlooked honeypots, leading to an inflated number of detected exposed ICS devices. It improves the detection accuracy of vulnerable ICS devices and makes researchers aware of current pitfalls in detection methods," said researchers.
Honeypots have been identified with high confidence through the use of certain signatures, according to a report from Censys. Researchers have also been able to determine honeypots not only by examining ICS deployments' network type, with legitimate ICS connected to industrial networks, but also by assessing the number of open ports in devices, with the higher prevalence of exposed ports associated with higher odds of the device being a honeypot. "Our methodology and findings challenge previous ICS studies which either partially considered or completely overlooked honeypots, leading to an inflated number of detected exposed ICS devices. It improves the detection accuracy of vulnerable ICS devices and makes researchers aware of current pitfalls in detection methods," said researchers.
