Using a modern honeypot model to defend smart cities and provide early detection to APT and ransomware attacks

Ransomware and advanced persistent threat (APT) attacks are proliferating on critical infrastructure in cities and nation-states. Holding a whole smart city for ransom using a combined cyberattack would, just a few years ago, have been the stuff of science fiction movies. Yet today sophisticated hacking techniques, the ease of use and availability of RaaS (Ransomware as a Service) and the vast vulnerabilities of computer systems, web applications, databases and various IoT-connected devices exposed in the wild are all creating a significant challenge for security teams. Such a movie may become reality. Some security teams in various sectors use active defense technology and deception security to deceive, trick bait, and lure hackers towards fake assets. Regardless of vulnerabilities in the wild, it helps detect the breach at an early stage and allows faster threat remediation before it is too late. In this study, we use a descriptive literature review to explore various real-life breach cases which occurred in smart cities. We use content analysis to detect similarities, patterns, significant correlations, and relationships between keywords. A synthesis analysis is conducted and the modern honeypot triangle model is suggested to reduce the risk of future similar breaches by deceiving cybercriminals and providing security teams with extensive early warning detection capabilities and intelligence about the attackers techniques and tactics. Finally, we provide recommendations for further analysis.