Our factory had three virtual computers and one physical one. The virtual computers were used for plant management, a palletizer robot, and as a workstation for a PLC software engineer. The physical computer acted as a file server.
In addition to monitoring attacks on PLCs, we wanted to monitor the state of the programs loaded on our devices. To do this, we created an interface that allowed us to quickly determine how the states of our virtual actuators and installations had changed. Already at the planning stage, we discovered that it was much easier to implement this using a control program than by directly programming the controller logic. We opened access to the device management interface of our honeypot via VNC without a password.
Industrial robots are a key component of modern intelligent manufacturing.
In this regard, we decided to add a robot and an automated workplace for its control to the equipment of our trap factory. To make the “factory” more realistic, we installed real software on the control workstation, which engineers use to graphically program the robot’s logic. Well, since industrial robots are usually located on an isolated internal network, we decided to leave unprotected access via VNC only to the control workstation.
RobotStudio environment with a 3D model of our robot. Source: Trend Micro
We installed the RobotStudio programming environment from ABB Robotics on a virtual machine with a workstation for controlling the robot. After configuring RobotStudio, we opened a simulation file with our robot in it so that its 3D image was visible on the screen. As a result, Shodan and other search engines, upon detecting an unsecured VNC server, will grab this screen image and display it to those searching for industrial robots with open access for control.
The point of this attention to detail was to create an attractive and realistic target for attackers who, once they find it, will return to it again and again.
Engineer’s workstation
To program the PLC logic, we added an engineering computer to the infrastructure. It has industrial PLC programming software installed on it:
TIA Portal for Siemens,
MicroLogix for Allen-Bradley Controller,
CX-One for Omron.
We decided that the engineering workspace would not be accessible from outside the network. Instead, we set the same password for the administrator account as on the robot control workstation and the factory control workstation, accessible from the Internet. This configuration is quite common in many companies.
Unfortunately, despite our best efforts, no attackers reached the engineer workstation.