ICS Honeypot Hijinks: 25% of Exposed Systems Aren’t What They Seem!

Honeypots are outsmarting hackers and researchers alike! A study by Norwegian and Dutch universities found 25% of exposed industrial control systems online are actually decoys. Using the Censys engine, they dissected 150,000 systems, revealing honeypots are on the rise. This challenges past studies and enhances ICS detection accuracy.

3P
Published: May 21, 2025 9:37 amAdded: May 21, 2025 at 3:19 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Who knew industrial control systems were such a popular theme for “pretend play”? With a quarter of ICS devices posing as honeypots, it’s like the cybersecurity world’s version of “Where’s Waldo?” — except instead of Waldo, we’re looking for real ICS devices through a sea of decoys. Happy hunting, hackers!

Key Points:

  • Researchers found that 25% of ICS devices detected by internet scans are honeypots.
  • The study analyzed data from Censys and can be applied to other sources like Shodan.
  • Honeypot detection involves analyzing software signatures, network types, and open ports.
  • The study challenges previous ICS research methodologies and aims to improve detection accuracy.
  • Honeypot prevalence varies by protocol, with simpler services having more decoys.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?