How Trend Micro Is Making the Industry Safer

The results of a six-month investigation by Trend Micro offer compelling insights! A honeypot designed to mimic an industrial factory successfully intercepted numerous attacks from financially motivated cybercriminals and fraudsters. These findings can help improve protective measures for industrial systems.

Trend Micro’s six-month study, conducted by the leading provider of data and cybersecurity solutions, reveals that unsecured industrial environments are primarily targeted by conventional cyberattacks. A honeypot is a computer system specifically designed to attract attackers. This allows researchers to study attack methods, divert threats from real systems, or trap hackers. The honeypot in this study was compromised for cryptocurrency mining and targeted by two separate ransomware attacks. Additionally, its computing power was exploited for fraudulent activities.

“Discussions around cyber threats to industrial control systems (ICS) have too often focused solely on sophisticated, state-sponsored attacks aimed at sabotaging critical processes. While these undoubtedly pose a risk to Industry 4.0, our research shows that everyday threats are far more likely,” said Udo Schneider, Security Evangelist at Trend Micro. “Operators of smaller factories and industrial facilities should not assume criminals will leave them alone. The absence of basic security measures can open the door to relatively simple ransomware or cryptojacking attacks, which can ultimately have severe consequences.”

To better understand attacks targeting ICS environments, Trend Micro Research created a highly realistic industrial prototyping company for this investigation. The honeypot consisted of real ICS hardware and a mix of physical hosts and virtual machines running the factory, including multiple programmable logic controllers (PLCs), human-machine interfaces (HMIs), dedicated robot and engineering workstations, and a file server.

Operators of connected production facilities should – alongside other cybersecurity best practices – minimize the number of open ports and strengthen access controls. Additionally, implementing factory-specific cybersecurity solutions, such as those offered by Trend Micro, can further reduce the risk of attacks.

Key Facts

Dwell time: On average, attackers remain undetected in corporate networks for 204 days.

SMEs in the crosshairs: 43 percent of all cyberattacks target small and medium-sized enterprises (SMEs).

Frequently Asked Questions

What are the most common cyber threats for businesses?

According to the BSI (Federal Office for Information Security) threat report, ransomware, phishing, DDoS attacks, and supply-chain compromises are the most frequent threats. German businesses also face regulatory risks (GDPR, NIS2).

How much should a company invest in cybersecurity?

Industry experts recommend allocating 10 to 15 percent of the IT budget to cybersecurity. According to Bitkom, German companies currently average 14 percent. What matters is not just the amount, but the strategic distribution across prevention, detection, and response.

Does every company need a CISO?

Not every company needs a full-time Chief Information Security Officer (CISO), but every organization needs clear accountability for IT security at the executive level. SMEs can rely on an external CISO (Virtual CISO). Under the NIS2 directive, management responsibility is now legally mandated.

Related Articles

• Trend Micro: Awarded in the Global Cybersecurity Channel
• secIT by Heise 2026: The Security Roadshow for Admins and IT Managers
• DsiN Annual Congress 2026: Digital Security in a Connected Society

More from the MBF Media Network

• Cloud & infrastructure news at cloudmagazin.com
• More IT security trends at mybusinessfuture.com

Header Image Source:  iStock/ guvendemir

Fact: According to AV-TEST, over 450,000 new malware variants are discovered daily.

Fact: The average attacker dwell time in a network is 10 days, according to Mandiant.

TL;DR

• “While these [sophisticated attacks] undoubtedly pose a risk to Industry 4.0, our investigations show that everyday threats are more likely,” says Udo Schneider, Security Evangelist at…
• “The lack of basic protective measures can open the door to relatively simple ransomware or cryptojacking attacks, which can ultimately have serious consequences.” To better understand attacks on…
• A honeypot simulating an industrial factory intercepted numerous attacks from financially motivated cybercriminals and fraudsters.
• The results can be used to improve further protective measures for industrial systems.

About the author: Tobias Massow

More articles by Tobias Massow