Faking smart industry: exploring cyber-threat landscape deploying cloud-based honeypot

The digital evolution of Industry 4.0 enabled Operational Technology infrastructures to operate and remotely maintain cyber-physical systems bridging over IP communications. It has also expanded new attack surfaces and steadily increased the number of malicious cyber incidents for the interconnected smart critical systems. Within Industrial Control System (ICS), Programmable Logic Controller plays a crucial function to bridge between cyber and physical environments which made them the victim of sophisticated cyber-attacks that are designed to interrupt and damage their operations. Honeypots have been used as a key tool for aggregating real threat data e.g., malicious activities and payloads, to observe and determine different attack methods and strategies that can easily affect poorly secured cyber-physical systems. In this study, we deployed scalable low-interaction honeypot in Amazon Elastic Compute Cloud (AWS EC2) instance across six different regions to determine the current threat landscape as well as how knowledgeable and ingenious threat actors could be in compromising internet-facing ICS. This work is an extended version of our work published in 14th EAI International Wireless Internet Conference.