Scientific Reports volume 15, Article number: 3904 (2025)
The rapid proliferation of Internet of Things (IoT) devices has brought about a profound transformation in our daily lives and work environments. However, this proliferation has also given rise to significant security challenges, as cybercriminals increasingly target IoT devices to exploit vulnerabilities and gain access to sensitive data. This escalating threat landscape poses a severe issue across diverse domains where IoT is deployed, including agriculture, healthcare, and surveillance. In the realm of agriculture, where farmers have historically contended with pests and environmental challenges, a new adversary has emerged in the form of cyber criminals. The agriculture sector has witnessed a surge in cyber-attacks targeting smart agriculture solutions despite being a relatively recent addition to the industry. Farmers may not have control over the actions of cyber adversaries, but they possess the ability to make informed purchasing decisions when adopting smart farming solutions and implementing fundamental security measures, such as robust user credentials and regular system updates. In this regard, this research introduces a groundbreaking approach to addressing the cybersecurity concerns associated with smart agriculture: deception technology. Deception technology involves the creation of deceptive elements, including decoys, traps, and false information, designed to divert cybercriminals away from genuine data and systems. This research presents a novel cyber threat intelligence platform that leverages deception technology to assess and mitigate the risks associated with smart agriculture, the first research of its kind. Based on the insights derived from the experimental work, actionable recommendations would be provided to relevant stakeholders on how to mitigate cyber risks and bolster the security posture of IoT-enabled smart agriculture.
Overall, this innovative approach represents a significant step towards safeguarding the increasingly interconnected world of smart agriculture, offering a promising avenue for defending against the escalating cyber threats faced by this vital industry.
The Internet of Things (IoT) has revolutionized the way we live and work, but its rapid growth has also created significant security challenges. As IoT devices become more prevalent, they have become a prime target for cybercriminals seeking to exploit vulnerabilities and gain access to sensitive data1,2. Even though there are a variety of countermeasures available, day by day, the attacks that target IoT are growing at an exponential rate2. This surge in attacks is not confined to general IoT applications; it has permeated specific domains, including agriculture. Over the years, farmers have had to defend their fields against a wide range of parasites, from insects with six legs to wild boars and elephants. However, the emergence of cyber-attacks, marked by a surge in attacks on smart agriculture, adds a new layer of complexity and risk to the agricultural landscape3.
The implementation of diverse, interconnected IoT devices and the corresponding infrastructure has introduced a multitude of susceptibilities into the smart agriculture ecosystem. Conversely, due to inadequate investments in cybersecurity by domain-specific organizations, these vulnerabilities and the hazards they entail are not currently adequately addressed2,3. Nonetheless, the issue will be further compounded by the solution manufacturer’s inadequate knowledge and resources3. Overall, the attackers can take advantage of these vulnerabilities to remotely control and interrupt data coming from and to on-field sensors and autonomous vehicles used in agriculture, leading to disastrous implications4,5. The collective term for these massive, coordinated cyber-attacks is called cyber agroterrorism3,4,5.
The most recent reports from the Federal Bureau of Investigation (FBI) indicate that agriculture cooperatives are particularly susceptible to strategically timed ransomware attacks during the planting and harvesting seasons4,5. Such attacks could potentially lead to financial losses and food shortages while also compromising sensitive information and disrupting operations. During the harvesting season in 2021, a ransomware attack was conducted against JBS, a major meat processing company, as well as two grain purchasers in the United States. Following these large-scale cyber-attacks, cybersecurity in agriculture and agribusiness became a prominent subject in 2021 (refs. 4,5). It is evident that security and privacy are now paramount concerns in the realm of smart agriculture, where cutting-edge technologies like IoT devices, sensors, and data analytics play a crucial role in optimizing agricultural processes6,7. Robust security measures, including encryption, authentication protocols, and regular software updates, are essential to protect the interconnected network of devices8. On the other hand, ensuring privacy involves clear data collection and usage policies, giving farmers control over their information6,7,8. Thus, striking a balance between harnessing the benefits of smart agriculture and safeguarding the security and privacy of both farm operations and personal data is fundamental to building a sustainable and trustworthy digital farming ecosystem6,7,8.
In light of these escalating cyber threats in smart agriculture, where the vulnerabilities are growing at an alarming rate4,5, farmers find themselves facing challenges beyond their control. While they may not have direct influence over the actions of cybercriminals, they wield significant power in shaping their own defences. Farmers can exert control over their purchasing decisions, especially when acquiring smart farming solutions, by implementing primary-level security controls, such as employing robust user credentials and ensuring regular updates of these solutions.
Understanding how cybercriminals exploit vulnerabilities within smart agricultural ecosystems is crucial for strengthening the overall security and privacy measures. This results in a more streamlined and effective strategy for mitigating prospective attacks, as exploitation attempts can be thwarted prior to their initiation. In this regard, this chapter presents a novel deception technology-based cyber threat intelligence platform for evaluating the risks associated with smart agriculture as the first-of-its-kind research. Overall, deception technology offers a novel approach to cybersecurity, providing a solution to secure IoT-enabled smart solutions. By creating decoys, traps, and false information, this technology can divert cybercriminals away from real data and systems. Building on this premise, a novel cyber threat intelligence platform would be developed to assess the risks associated with smart agriculture, constituting the first-of-its-kind research endeavour. This platform will be integrated with a cloud-enabled smart agricultural setup and a tomato plantation with the primary goal of creating a controlled yet vulnerable ecosystem for evaluation, considering the inherent risks associated with smart agricultural solutions. Based on the insights derived from the experimental work, recommendations will be provided for relevant stakeholders to mitigate cyber risks associated with smart agriculture. The results of the experiment promise to be invaluable for farmers, organizations, and nations embracing smart agricultural solutions, offering practical guidance in navigating the complex landscape of cybersecurity in modern agriculture.
The key contributions of the chapter are:
Design of a novel deception technology based cyber threat intelligence platform to derive threat intelligence data and evaluate the risks associated with smart agriculture.
Design of a validation setup to further validate the results obtained from the cyber threat intelligence platform.
Based on the threat intelligence data, provide actionable recommendations for stakeholders to mitigate the impact of potential cyber-attacks.
The remainder of the chapter is organized as follows. Following the introduction, section two provides a brief overview of the cyber security aspect of smart agriculture and deception technology. Subsequently, section three provides the steps involved in designing the novel cyber threat intelligence platform, whilst experimental results and validation phases are highlighted in section four with the recommendations for mitigation. Finally, the concluding remarks are highlighted in section five.
To provide a preamble to the proposed cyber threat intelligence platform, this section provides a brief overview of cyber security within the context of smart agriculture and elucidates the concept of deception technology.
Due to its extensive reliance on the IoT and other associated technologies, smart agriculture is inherently susceptible to various risks, including but not limited to data breaches, unauthorized access, and cyber-attacks3,4,5. The comprehensive acquisition and analysis of data, encompassing environmental conditions and crop patterns, augments not only agricultural efficacy but also introduces new vulnerabilities endangering the underlying ecosystem6,7,8,9,10, where these vulnerabilities have the potential to compromise agricultural processes and compromise security and privacy6,7,8. Thus, it is imperative to institute robust security measures to safeguard this vulnerable ecosystem. Overall, confronting these challenges is crucial to preserving confidence in smart agricultural practices and ensuring the continued advancement of this technology-oriented industry.
In general, many stakeholders involved in the agriculture industry may have limited awareness and understanding of cybersecurity threats8,9,10,11. This deficiency renders them more susceptible to attacks and less likely to implement proper cybersecurity measures12,13,14,15,16. Compounded by the time-sensitive nature of agriculture outputs, cybercriminals may exploit the system’s vulnerabilities by targeting the industry for ransom during critical harvesting season when crop yields are at stake4,5,12. Looking ahead, understanding the risk vectors that make the smart agriculture ecosystem susceptible to cyber-attacks becomes essential. According to references4,5,12,16,17,18,19,20, it is evident that the modernity of employed smart technologies, vulnerabilities present in smart agricultural equipment, and the lack of adequate awareness about cyber security measures are key risk vectors that endanger the smart agricultural ecosystem.
Utilizing one of the entry points created by connected smart devices, cybercriminals can compromise a smart agricultural solution and exploit flaws at multiple layers that the IoT in smart agriculture is made out of, such as physical, network, middleware, and application layers. Existing research on cybersecurity in IoT has primarily focused on areas other than agriculture, such as healthcare and smart cities1,11,12,21,22,23,24, with limited studies focusing on smart agriculture. On the other hand, among the available limited studies, they lack exploration into areas such as deception technology and threat intelligence. This research is motivated by the necessity to fill this gap, considering the unique data, critical infrastructure, and unique operational security assessment required for smart agriculture. To provide a better overview, Table 1 summarizes the current state of the art pertaining to the security and privacy of smart agriculture, highlighting whether it is a research or a survey study and the scope of the study.
From the reviewed literature, it is evident that the majority of the research is limited to surveys or reviews, whereas only a few studies focus on researching the security aspect of smart agriculture. Nonetheless, none of the studies reviewed focused on cyber threat intelligence for smart agriculture, highlighting a critical gap in the existing research landscape.
Having provided a brief overview of cyber security of smart agriculture summarizing the latest literature available, the next section presents a brief discussion about deception technology before moving into the development of the novel deception technology based cyber threat intelligence platform.
Deception technology involves deploying decoys, false information, and traps to proactively detect cyber threats16. This approach employs tactics like honeypots, deceptive files, credentials, network traffic, and emails to mislead attackers and trigger alerts when they interact with these fabricated assets16,17. Overall, by identifying threats in their early stages, organizations can gain insights into attacker tactics and intentions, enhancing their cybersecurity posture and incident response capabilities16,17,18. On the other hand, while implementing deception technology-based tactics, careful implementation is essential to ensure that legitimate operations are unaffected and that the deceptive elements don’t introduce new vulnerabilities16,17,18. Further, this technology not only helps in reducing false positives but also engages attackers to reveal more complex strategies, contributing significantly to threat intelligence20,21,22,23,24. Nonetheless, it is especially effective as it adapts to evolving threats while remaining a legal and ethical method of cyber threat intelligence gathering, thus enhancing an organization’s ability to detect, understand, and mitigate cyber threats at early stages.
In the context of smart agriculture, deception technology can be harnessed to detect cyber-attacks effectively. By deploying decoys, deceptive data, and fabricated assets that mimic critical components of agricultural systems such as IoT devices, data storage servers, sensors, and control systems, organizations can divert attacker’s attention from real assets3,16,17,18,35,36,37,38. For instance, setting up a honeypot server that archives IoT sensing data or simulated crop monitoring networks can attract attackers and trigger alerts when they engage with these deceptive elements. Any unauthorized interactions with these decoys can provide early indications of cyber threats targeting smart agricultural infrastructure. This approach allows agricultural organizations / relevant stakeholders to gain insights into attacker’s methods, protect real assets, and bolster the security of their smart farming ecosystem.
This research aims to develop a novel cyber threat intelligence platform pertaining to smart agriculture. The key steps involved in the development of the proposed platform are depicted in Fig. 1.
Fig. 1. Key steps involved in the design of a novel cyber threat intelligence platform.
To execute the experiment, firstly, an agricultural ecosystem would be designed from the sketch, and secondly, a deception technology-based decoy would be integrated with the designed ecosystem to lure the attackers. The next step involves gathering threat intelligence data and then interpreting the results. The last step involves validation of the results through developing another validation setup. A high-level diagram of the proposed cyber threat intelligence platform is depicted in Fig. 2, which includes the smart farming ecosystem and cloud infrastructure. The upcoming subsections briefly elaborate on each of the steps involved in the methodology.
Fig. 2. A high-level diagram of the designed cyber threat intelligence platform.
The first step of designing the cyber threat intelligence platform involves the creation of a comprehensive smart farming ecosystem, employing a smart agricultural setup that incorporates a cloud-enabled infrastructure, for deployment in a tomato plantation. For simulating the tomato plantation, plants were grown in the lab environment, and following the germination period, the strongest plants were chosen and moved to planting pots inside a greenhouse as depicted in Fig. 3. The experiment was done in Brunei, a location with a tropical climate and environmental circumstances that closely align with the requirements of tomato plants. Therefore, tomato plants were selected as the subject of this experiment. Overall, the main objective of the designed ecosystem is to mirror the intricate operations of a modern smart agricultural ecosystem. The designed smart agricultural setup (depicted in Fig. 3) encompasses:
IoT sensors that capture pertinent soil and environmental data.
Arduino Uno and NodeMCU microcontrollers that collect data from the IoT sensors, analyze and present the findings, and transmit the data to the cloud for additional processing and analysis.
Thinger.io open-source cloud platform that allows for data visualization, analytics, and actuator control.
An irrigation system comprising three peristaltic water pumps which can be controlled through the cloud.
Fig. 3. The designed smart agricultural setup deployed on a tomato plantation.
The IoT sensors included in the smart agricultural setup are presented in Table 2 with their purpose.
The pH sensor, CO2 sensor, LDR sensor, LED indicators, and ultrasonic sensor were attached to the Arduino UNO microcontroller, whilst the capacitive soil moisture sensor, DHT-11 sensor, DS1820 module, and RTC module were attached to the NodeMCU. Then, a serial communication gateway between the UNO and NodeMCU was opened to allow the UNO to send sensor data to the NodeMCU, which dispatches the data to the cloud via its Wi-Fi connection. The two-channel direct current 5 V relay module was used to control and automate the irrigation system, enabling it to be controlled over the cloud. Three water pumps were connected in parallel, where one connection end was connected with the relay. Before deploying, the pH sensor, CO2 sensor, capacitive soil moisture sensor, and all remaining sensors were tested for their measuring accuracy. The ultrasonic sensor was attached to the top of a PVC pipe setup and was used to measure the height of the plant as an indication of plant growth. A Wi-Fi connection was used to stream sensor data to Thinger.io every five seconds, as well as to receive data from the cloud.
Overall, the experiment spanned 21 days, from 31st January 2023 to 21st February 2023, strategically chosen during the mature fruiting stage of the tomato plants, a crucial time in the agricultural process that would therefore attract interest from cyber-attackers. Next, the smart agricultural setup was configured to send the data to AWS IoT Core instead of Thinger.io; AWS IoT Core is a managed cloud service that facilitates secure interactions between connected devices and cloud applications19. Subsequently, an AWS IoT rule was established to direct the gathered IoT sensing data to Amazon DynamoDB, a versatile NoSQL database designed for cloud-based storage of diverse data types19. This step marks the completion of the foundational design for the smart farming ecosystem.
Upon gathering data from the IoT sensing devices, the system ensures a consistent flow, transmitting the collected data to AWS IoT Core every five seconds. From there, the data is routed to DynamoDB for archival purposes. By focusing on the functionality and interconnected capabilities of the smart agricultural system, these steps establish a robust foundation for subsequent experimentation and in-depth analysis.
To lure potential attackers targeting the smart farming ecosystem, a purpose-built honeypot server was created to emulate the behavior of a vulnerable smart farming data storage server. In essence, a honeypot server is a deceptive and controlled system strategically set up within a network to mimic legitimate servers, effectively luring potential cyber attackers20,21,22. Its primary function is to vigilantly monitor and detect unauthorized or malicious activity, offering early warnings of potential security breaches16,18,20. By attracting attackers and logging their actions, honeypot servers serve as invaluable tools for cybersecurity research, enabling experts to analyze the tactics, techniques, and procedures employed by cybercriminals21,22. They offer diversity in mimicking various systems and services and are generally considered legal and ethical, contributing proactively to cybersecurity by enhancing threat detection and network protection16,17,18.
In general, honeypots can be categorized based on their interaction level and purpose16,17,18,19,20. Low-interaction honeypots, mimicking basic services, are faster to build and suitable for detecting automated attacks such as worms. On the other hand, high-interaction honeypots provide real operating systems for in-depth study of complicated attack patterns but demand more resources20,21,22. Research honeypots are typically employed in university or research environments to collect intelligence on attack tactics, while production honeypots are integrated into business networks to improve security20,21,22. Specialized forms, such as client honeypots actively seeking out malicious servers targeting client applications, server honeypots attracting attacks aimed at server vulnerabilities, spam honeypots analyzing spam emails, and other specialized forms of honeypots, including database and IoT honeypots, are designed to mimic specific environments16,17,18,19,20.
The T-Pot honeypot used in this research is an open-source honeypot framework designed for cybersecurity research and threat intelligence gathering20. This comprehensive honeypot system provides a platform for simulating various types of network services and systems, attracting and monitoring malicious activity. T-Pot integrates several honeypots, IDSs (Intrusion Detection Systems), and IPSs (Intrusion Prevention Systems) to create a comprehensive security solution. Overall, it includes a wide range of honeypot components such as Dionaea, Cowrie, Glutton, and more, allowing it to mimic different network assets and services20. On the other hand, it also includes various IDSs/IPSs, such as Suricata, Snort, and Bro (now Zeek), to detect and respond to network threats and anomalies. This diversity makes it a valuable tool for studying and analyzing the tactics, techniques, and procedures of cyber attackers, capturing and logging their interactions20. Utilizing custom Docker containers for various protocols that emulate common exploitable services, T-Pot centralizes all logs in an Elastic Stack, offering the administrator a comprehensive front-end view of all attacks against each service20,21. Table 3 provides a brief overview of key honeypot Docker images offered by T-Pot. Widely used by cybersecurity professionals and researchers, T-Pot is chosen for its efficacy in understanding emerging threats and improving network defenses, making it the ideal honeypot server for designing the vulnerable ecosystem in this research.
The next step involves deploying T-Pot on Amazon Elastic Compute Cloud (EC2), a web service that can be used to create and run virtual servers in the cloud19. As the research is designed to gather data for 21 days, with anticipation of a significant volume of cyber-attacks, an Amazon EC2 server with the specifications depicted in Table 4 was used.
Upon the successful configuration of the virtual machine with the specifications highlighted in Table 4, T-Pot was deployed in the virtual machine as a standard edition. Following the successful installation of T-Pot, an Identity and Access Management (IAM) role was created via the Amazon Management Console to grant the EC2 server read-only access to DynamoDB. This configuration ensures that the EC2 server can only read the archived IoT sensing data stored in Amazon DynamoDB. Subsequently, the hostname of the honeypot server was permanently changed to “Smart Agri Server” to enhance its allure to potential attackers.
In order to expose our created smart farming ecosystem to the outside world through the Internet, thereby allowing the T-Pot to start tracking cyber-attacks, the AWS EC2 security group was updated. Thus, inbound network rules were changed according to the following order.
TCP port 64295 – this is reserved for SSH access (access is limited only to our public IP).
TCP port 64297 – this is reserved for the T-Pot web interface (access is limited only to our public IP).
TCP and UDP ports 1–64000 – all these ports were open for everything else (allow this for everyone).
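A check of the inbound rules listed above, added here as an example and not code from the paper: it takes rules in the `IpPermissions` layout the EC2 API returns for a security group and reports any rule that exposes the two management ports beyond the administrator's address, or that leaves the decoy range closed. The administrator address and both sample rule sets are constructed.

```python
import ipaddress

# Port numbers come from the rule list above; all other values are constructed.
MGMT_PORTS = {64295: "SSH", 64297: "T-Pot web interface"}
DECOY_RANGE = (1, 64000)
ADMIN_CIDR = "203.0.113.10/32"  # assumed administrator address (documentation range)


def _rule(proto, lo, hi, cidr):
    """Build one entry in the EC2 IpPermissions layout."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}]}


# Constructed rule set matching the three rules described in the text.
INTENDED = [
    _rule("tcp", 64295, 64295, ADMIN_CIDR),
    _rule("tcp", 64297, 64297, ADMIN_CIDR),
    _rule("tcp", 1, 64000, "0.0.0.0/0"),
    _rule("udp", 1, 64000, "0.0.0.0/0"),
]

# Constructed mistake: the decoy TCP range was widened to 65535, which
# silently publishes the SSH and web-interface ports to the whole Internet.
TOO_WIDE = [
    _rule("tcp", 1, 65535, "0.0.0.0/0"),
    _rule("udp", 1, 64000, "0.0.0.0/0"),
    _rule("tcp", 64297, 64297, ADMIN_CIDR),
]


def _cidrs(perm):
    """Collect every IPv4 and IPv6 CIDR a permission entry allows."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return v4 + v6


def _covers_tcp(perm, port):
    """True if the permission applies to this TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit(ip_permissions, admin_cidr=ADMIN_CIDR):
    """Return a list of findings; an empty list means the rules match the intent."""
    findings = []
    admin_net = ipaddress.ip_network(admin_cidr)
    for port, label in MGMT_PORTS.items():
        sources = [c for p in ip_permissions if _covers_tcp(p, port)
                   for c in _cidrs(p)]
        if not sources:
            findings.append(f"{port}/tcp ({label}): no rule, admin access is lost")
        for cidr in sources:
            net = ipaddress.ip_network(cidr, strict=False)
            # Any source that is not inside the admin network is an exposure.
            if net.version != admin_net.version or not net.subnet_of(admin_net):
                findings.append(
                    f"{port}/tcp ({label}): reachable from {cidr}, "
                    f"expected only {admin_cidr}")
    lo, hi = DECOY_RANGE
    for proto in ("tcp", "udp"):
        open_to_all = any(
            p.get("IpProtocol") == proto
            and p.get("FromPort", 65536) <= lo
            and p.get("ToPort", -1) >= hi
            and "0.0.0.0/0" in _cidrs(p)
            for p in ip_permissions)
        if not open_to_all:
            findings.append(f"{lo}-{hi}/{proto}: closed, decoy services unreachable")
    return findings


if __name__ == "__main__":
    for name, rules in (("INTENDED", INTENDED), ("TOO_WIDE", TOO_WIDE)):
        print(name, audit(rules) or "ok")
```

The second rule set shows why the upper bound of 64000 matters: one wider range is enough to put the honeypot's own administration interface in front of the attackers it is meant to observe.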
The IAM role granted the EC2 server read-only access, ensuring that, even in the worst scenarios, the attacker would only have access to read the archived IoT data. T-Pot, being a sophisticated honeypot system, is designed to isolate the honeypot environment from the actual network20. This means that even if an attacker compromises the honeypot, they should not be able to use it as a stepping stone to access real systems or data in the designed smart farming ecosystem.
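The read-only guarantee depends on what the role's policy document actually allows. The following check is an added example, not the authors' configuration: it walks an IAM policy document and reports any statement that would let the honeypot host modify DynamoDB, reach another service, or reach a resource other than the sensor-data table. The table ARN is a placeholder, the list of write actions is partial, and the sample policies are constructed.

```python
from fnmatch import fnmatchcase

# Constructed placeholder ARN for the table holding the archived sensor data.
TABLE_ARN = "arn:aws:dynamodb:REGION:123456789012:table/EXAMPLE_TABLE"

# DynamoDB actions that modify items or tables (a partial list for this example).
WRITE_ACTIONS = [
    "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem",
    "dynamodb:BatchWriteItem", "dynamodb:CreateTable", "dynamodb:UpdateTable",
    "dynamodb:DeleteTable",
]

# Constructed policies: one read-only, one wildcard, one with a stray write action.
READ_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan",
               "dynamodb:BatchGetItem", "dynamodb:DescribeTable"],
    "Resource": TABLE_ARN}]}
WILDCARD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}}
MIXED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["dynamodb:Get*", "dynamodb:BatchWriteItem"],
    "Resource": TABLE_ARN + "/index/*"}]}


def _as_list(value):
    """IAM accepts a single string or object wherever a list is valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def violations(policy, table_arn=TABLE_ARN):
    """Return reasons the policy is wider than read-only access to one table."""
    problems = []
    for n, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            problems.append(
                f"statement {n}: Allow with NotAction permits every unlisted action")
        for pattern in _as_list(stmt.get("Action")):
            # IAM action names are case-insensitive and may contain * and ?.
            p = pattern.lower()
            hits = [a for a in WRITE_ACTIONS if fnmatchcase(a.lower(), p)]
            if hits:
                problems.append(
                    f"statement {n}: '{pattern}' allows {', '.join(hits)}")
            elif not p.startswith("dynamodb:"):
                problems.append(f"statement {n}: '{pattern}' is outside DynamoDB")
        for res in _as_list(stmt.get("Resource")):
            # Index ARNs live under the table ARN and are still in scope.
            if res != table_arn and not res.startswith(table_arn + "/"):
                problems.append(
                    f"statement {n}: resource '{res}' is wider than the table")
    return problems


if __name__ == "__main__":
    for name, doc in (("READ_ONLY", READ_ONLY), ("WILDCARD", WILDCARD),
                      ("MIXED", MIXED)):
        print(name, violations(doc) or "ok")
```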
After the completion of the platform design, it underwent a 21-day monitoring phase to gather essential threat intelligence data. Throughout this observation period, the progress of the honeypot server was monitored by accessing the T-Pot web interface every two days. Once the information was logged into the T-Pot honeypot, numerous visualization options became available through Elastic Stack. The Elastic Stack is a set of open-source tools for data ingestion, enrichment, storage, analysis, and visualization20. Figure 4 depicts a customized dashboard created using Elastic Stack, which categorizes the received attacks based on a variety of criteria. Following the accumulation of data over the 21-day period, the gathered data was analyzed and then further validated, where the findings are presented in the subsequent section. Overall, this comprehensive approach ensures a thorough understanding of the threat landscape and contributes to the robustness of the cyber threat intelligence platform.
Fig. 4. A customized visualization dashboard on T-Pot.
The intention of this section is to analyze the gathered threat intelligence data, explain the procedures involved in the validation, and provide recommendations based on the insights derived.
The T-Pot was strategically designed to attract and deceive cyber attackers by presenting a network of open ports that appear to be running vulnerable services19,20. Cyber attackers typically attempt to access systems through open ports by exploiting vulnerabilities or employing brute-force methods. The honeypot server was specifically set up to capture these attempts and log the resulting data. Throughout the observation period, more than 700,000 attacks were recorded, all directed at exploiting the designed smart farming ecosystem. Overall, these attacks can be commonly categorized into several types as follows20,21:
Port scans: The honeypot could be scanned by attackers in order to detect vulnerable ports and services.
Reconnaissance: The honeypot could be utilized by attackers to collect data pertaining to the underlying network, including operational services, operating systems, and possible vulnerabilities.
Exploit attempts: Attackers might attempt to exploit known vulnerabilities in the underlying honeypot software or operating system.
DoS Attacks: Attackers may attempt to overwhelm the honeypot with traffic, rendering it unavailable to legitimate users.
Malware delivery: Attackers may exploit the honeypot to spread malware to other systems on the network.
Privilege escalation: Attackers may attempt to get higher privileges on the honeypot system, allowing them to access additional resources.
This section provides insight into the nature of these observed attacks on the designed smart farming ecosystem. Figure 5 showcases the resource consumption and status of the employed cloud server during the observation period. Attack volume was highest in the middle of the observed period, as attackers took some time to exploit vulnerabilities and launch the attacks, and this surge coincided with increased network traffic both into and out of the server. This increase is attributed to the heightened interaction of cyber attackers with the honeypot server, resulting in a dynamic and informative pattern of resource consumption and network activity.
Fig. 5. Status of the cloud server during the observed period.
Table 5 presents attacks observed based on the attack-originating country (only the top ten results are highlighted). According to the results, the majority of attacks originated from China, the United States, and Russia, which can be attributed to a variety of factors such as their large populations, advanced technological infrastructures, and allegations of state-sponsored cyber activity15,16,17,18,19.
The pie chart depicted in Fig. 6 highlights the distribution of attacks by country, which clearly shows that three-fourths of the attacks originated from China, the United States, and Russia.
Fig. 6. Distribution of attacks by country.
Table 6 presents the number of attacks received by each honeypot employed in T-Pot (only the top ten results are highlighted). According to the results, most of the attackers are trying to exploit TCP and UDP services, as Ddospot, Tanner, and Honeytrap are emulating vulnerable TCP and UDP services to lure the attackers20.
Table 7 presents the attacks observed based on the Autonomous System Number (ASN), which belongs to worldwide cloud/telecom service providers. Because ASNs relate to corporations, data centers, and Internet service providers, cyber-attacks frequently appear to come from them, according to the results observed during the research. Attackers employ these service providers to exploit vulnerabilities, employ compromised resources within ASNs for distributed attacks, and conceal their actual locations through proxies and VPNs. As such, hosting providers who employ ASNs may unwittingly host harmful information, giving the impression that cyber attacks are coming from such institutions, allowing attackers to conceal their true identity.
Table 8 presents the number of attacks received based on the attacker source IP reputation. In general, attacker source IP reputation refers to the assessment of the trustworthiness or risk level associated with an IP address that is the source of cyber-attacks or malicious activities21,22,23,24. It involves evaluating the historical behavior and activities of an IP address to determine whether it has been involved in malicious actions, such as launching cyber-attacks, distributing malware, or engaging in fraudulent activities21,22,23,24. According to the results obtained, it is evident that while the majority of the attacks originated from unknown sources, some of the attacks received were already known based on the originating IP address. Overall, T-Pot is involved with several databases to compare and cross-reference IP addresses in real-time, helping to identify known attackers and potential threats21,22,23,24.
Table 9 presents the top ten usernames and passwords attempted by attackers whilst executing brute force attacks. To acquire illegal access to systems, brute force attackers use a variety of usernames and passwords. These credentials frequently include default usernames and passwords provided by manufacturers or administrators, common usernames such as “admin” or “root,” dictionary words, predictable patterns like “password” or “123456,” personal information, and common passwords25,26,27,28. According to the results obtained, it is evident that the majority of the username and password attempts included default usernames and passwords set out by the device manufacturers/solution providers (e.g., root is the username for UNIX-based operating systems).
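A ranking like the one in Table 9 can be rebuilt from the login events that Cowrie, one of the honeypots bundled with T-Pot, writes as JSON lines. The script below is an added example and not the authors' tooling; the log excerpt is constructed, uses documentation IP ranges, and carries only the fields the script reads.

```python
import json
from collections import Counter

LOGIN_EVENTS = {"cowrie.login.failed", "cowrie.login.success"}

# Constructed excerpt in Cowrie's JSON-lines layout (not data from the study).
SAMPLE_LOG = """\
{"eventid": "cowrie.session.connect", "src_ip": "198.51.100.7", "session": "a1"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "123456", "src_ip": "198.51.100.7", "session": "a1"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "password", "src_ip": "198.51.100.7", "session": "a1"}
{"eventid": "cowrie.login.failed", "username": "admin", "password": "admin", "src_ip": "198.51.100.7", "session": "a1"}
{"eventid": "cowrie.login.success", "username": "root", "password": "root", "src_ip": "198.51.100.7", "session": "a1"}
not-json garbage line
{"eventid": "cowrie.login.failed", "username": "root", "password": "123456", "src_ip": "203.0.113.50", "session": "b2"}
{"eventid": "cowrie.login.failed", "username": "admin", "password": "123456", "src_ip": "192.0.2.9", "session": "c3"}
"""


def login_events(text):
    """Yield login events, skipping other event types and unparsable lines."""
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupted line: ignore instead of aborting
        if isinstance(event, dict) and event.get("eventid") in LOGIN_EVENTS:
            yield event


def summarize(text, top=3, burst=3):
    """Rank attempted credentials and flag sources with >= burst attempts."""
    users, passwords, per_source = Counter(), Counter(), Counter()
    accepted = []
    for ev in login_events(text):
        user = ev.get("username", "")
        pw = ev.get("password", "")
        src = ev.get("src_ip", "?")
        users[user] += 1
        passwords[pw] += 1
        per_source[src] += 1
        if ev["eventid"] == "cowrie.login.success":
            # Credentials the decoy accepted: the attacker now believes they work.
            accepted.append((src, user, pw))
    return {
        "top_usernames": users.most_common(top),
        "top_passwords": passwords.most_common(top),
        "noisy_sources": {ip: n for ip, n in per_source.items() if n >= burst},
        "accepted": accepted,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The ranked usernames and passwords make a practical deny-list for credentials on real devices, and the per-source counts separate sustained guessing from one-off probes.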
Table 10 presents the number of attacks received based on the destination port targeted. According to the attacks observed, it is evident that attackers target specific ports, such as 80 (HTTP), 123 (NTP), 53 (DNS), 5900 (VNC), and 445 (SMB), for various reasons. Port 80 is exploited for web server vulnerabilities and phishing, whereas port 123 has been used for NTP amplification attacks. On the other hand, port 53 is abused for DNS amplification and hijacking, whereas port 5900 is targeted for remote desktop access. Port 445 is known for SMB exploitation and was infamously used by the WannaCry ransomware. These ports are attractive to attackers due to their prevalence and associated vulnerabilities.
Table 11 presents the distribution of attackers’ operating systems (OS) and the number of attacks, based on p0f, a passive operating system fingerprinting tool that identifies the operating systems of devices on a network by analyzing network traffic passively. Overall, the accuracy of OS identification by p0f depends on the characteristics of the network traffic. According to the obtained results highlighted in Table 10, most of the attacks were received from devices that run Linux-based operating systems. This indicates that most cyber attackers employ Linux-based OSs for executing their malicious activities.
Table 12 presents alert signatures captured by Suricata, an IDS capable of monitoring and analyzing network traffic for potential security threats. In general, Suricata generates alerts when the IDS detects network events or patterns that match known attack signatures or behavior patterns indicative of an attack20. These alerts can include information about the source and destination IP addresses, ports, the type of attack detected, and other relevant details.
Overall, the following are the key findings derived from the analyzed threat intelligence data.
The majority of attacks originated from China, the United States, and Russia, which can be attributed to their large populations, advanced technological infrastructures, and allegations of state-sponsored cyber activity.
Most of the attackers are trying to exploit TCP and UDP services to gain unauthorized access, compromise systems, or launch various types of cyberattacks.
Attackers employ various tactics to conceal their actual locations/identities through proxies, VPNs, and employing compromised resources belonging to reputed Internet service providers.
The majority of the attacks originated from unknown sources, although some of the attacks received were already known based on the originating IP address.
The majority of the usernames and passwords attackers tried were default usernames and passwords set out by the device manufacturers/solution providers.
Attackers prefer to target specific network ports due to their prevalence and associated vulnerabilities.
Having interpreted the insights obtained from the cyber threat intelligence platform, another platform was designed to further validate the results. It employs a Raspberry Pi device instead of the cloud, because cloud infrastructure is owned by service providers and therefore provides limited autonomy over configurations while setting up the smart farming ecosystem. The main intention of having this validation setup is to prove that even without cloud infrastructure, the smart farming domain is still vulnerable to cyberattacks. As this research was conducted in Brunei, and because Brunei telecom service providers don’t allow port forwarding, this experiment was carried out in Sri Lanka from 22nd September 2023 to 6th February 2023. The key steps of designing the validation setup are similar to the first three steps (highlighted in Fig. 1) for designing the cyber threat intelligence platform, which is explained further in the next section.
Toward designing the underlying smart farming ecosystem for the validation platform, tomato plants were grown from the beginning, and the plants that were in the vegetative period (plants that were one month old) were chosen for designing the ecosystem. A separate smart agricultural setup was designed that comprised NodeMCU as the main microcontroller, capacitive soil moisture sensor, and DHT11–temperature and humidity sensor, as the main sensors for validation setup. The experiment was carried out from 01st November 2023 to 21st November 2023 for 21 days.
The first step involves choosing a Raspberry Pi 4 device with the following specifications (highlighted in Table 13) for archiving the sensing IoT data and deploying a honeypot decoy. Afterward, Raspberry Pi OS Lite was installed on the Raspberry Pi and SSH access was enabled. Next, the Mosquitto MQTT broker was installed on the Raspberry Pi to make it an MQTT broker, and then the NodeMCU was configured as an MQTT publisher, which publishes the sensing IoT data every five seconds to the MQTT subscriber configured on the Raspberry Pi device.
Similar to the previous experiment, the opencanary honeypot tool was used to create the honeypot server. It is designed to mimic vulnerable systems or services on a network, such as network-attached storage (NAS) devices, web servers, or IoT devices, in order to attract and deceive potential attackers3,28,35,36,37,38. It also generates alerts and logs when attackers interact with it, allowing for the collection of valuable threat intelligence data. This information helps improve network security and incident response by diverting attackers away from real assets toward decoy systems3,39,40.
Integrating opencanary with the designed smart farming ecosystem involves installing opencanary on the Raspberry Pi and updating its main configuration file with the adjustments needed to lure attackers. This involves adjusting the host Raspberry Pi device to make it appear as a NAS, by changing the hostname of the server and the MAC address of the device. Afterward, the SSH port was changed from 22 to another port, 65522, to deceive attackers, and finally, the opencanary service was set to start automatically on boot, which concludes the integration of the decoy with the ecosystem. Figure 7 showcases the updated opencanary configuration file, with the fields updated to make it a vulnerable NAS.
Updated opencanary configuration file.
Next, to expose the Raspberry Pi device to the Internet, a home router (TP-Link N300 4G LTE Telephony Wi-Fi Router) was used by enabling port forwarding in the router. Before enabling the port forwarding, an IP address was reserved for the Raspberry Pi device through the router DHCP settings, as depicted in Fig. 8.
Reserving the IP address for the Raspberry Pi device.
Once port forwarding was enabled on the router, the Raspberry Pi was exposed to the public Internet. The final step involved using an Uninterruptible Power Supply (UPS) to power the Raspberry Pi device, the router, and the smart agricultural setup, as power outages are common in Sri Lanka. Figure 9 showcases the high-level architectural diagram of the validation platform.
The high-level architectural diagram of the novel cyber threat intelligence platform.
Figure 10 showcases the designed validation setup.
Validation setup.
Finally, upon completion of the design of the validation platform, it was kept running for 21 days to gather the necessary threat intelligence data. During this observation period, the progress of the honeypot server was monitored by connecting to the Raspberry Pi device over SSH every two days. In contrast to the cyber threat intelligence platform developed using T-Pot, this setup doesn’t offer any data visualization dashboards; instead, intruder attack attempts are logged to a separate file (/var/tmp/opencanary.log) with the IP address and the destination port targeted. Overall, during the observation period, there were more than 56,000 intruder access attempts archived in the log file. Table 14 presents attacks observed based on the attack-originating country. According to the results, the majority of attacks originated from China, the United States, and Russia15,16,17,18,19.
The pie chart depicted in Fig. 11 highlights the distribution of attacks by country, which shows that most of the attacks originated from China, the United States, and Russia. This is similar to the results obtained from the previous experiment, where the majority of the attacks also originated from China, the United States, and Russia.
Distribution of attacks by country (for validation setup).
Table 15 presents the number of attacks received based on the targeted destination port. According to the highlighted results in Table 14, port 3389, linked to Remote Desktop Protocol (RDP), is often vulnerable to unauthorized access, particularly through brute-force attacks. Port 22, designated for SSH, is a frequent target for unauthorized remote access attempts. Port 21, used for File Transfer Protocol (FTP), may face risks of unauthorized entry and data exfiltration if not configured securely. Ports 80 and 443, associated with HTTP and HTTPS, respectively, are susceptible to web-based attacks that exploit vulnerabilities in web servers or applications. Port 5900, utilized for Virtual Network Computing (VNC) and desktop sharing, can be compromised if not properly secured. Similar to the previous experiment, most of the attackers targeted Port 80, which is used for unencrypted HTTP communication. Other commonly targeted destination ports include Port 443, Port 22, and Port 3389, which are used for secure HTTPS communication, SSH access, and remote desktop access, respectively. Overall, to mitigate these risks, it is crucial to employ strong passwords, keep software up to date, implement network security measures, and restrict access to these ports to trusted sources35,36,37,38.
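Because the validation setup has no dashboard, per-port and per-source counts like those in Table 15 have to be derived from /var/tmp/opencanary.log itself. The following Python script is an added example, not code from the study: it assumes the file is opencanary's JSON-lines output (fields dst_port, src_host and logdata), and the sample lines, addresses and node name in it are constructed.

```python
"""Summarise an opencanary JSON-lines log by port, source and credentials."""
import json
from collections import Counter, defaultdict

# Service names for the ports named in the article's destination-port discussion.
PORT_NAMES = {21: "FTP", 22: "SSH", 80: "HTTP", 443: "HTTPS", 3389: "RDP", 5900: "VNC"}

# Constructed, abridged sample lines (documentation IP ranges); not data from the study.
# The last line is deliberately truncated, as happens when a write is interrupted.
SAMPLE_LOG = """\
{"dst_host": "", "dst_port": -1, "logdata": {"msg": {"logdata": "Canary running!!!"}}, "logtype": 1001, "node_id": "nas-decoy", "src_host": "", "src_port": -1, "utc_time": "2023-11-01 02:30:00.000000"}
{"dst_host": "192.168.1.50", "dst_port": 22, "logdata": {"USERNAME": "root", "PASSWORD": "123456"}, "logtype": 4002, "node_id": "nas-decoy", "src_host": "203.0.113.7", "src_port": 50122, "utc_time": "2023-11-01 03:10:11.000000"}
{"dst_host": "192.168.1.50", "dst_port": 22, "logdata": {"USERNAME": "root", "PASSWORD": "admin"}, "logtype": 4002, "node_id": "nas-decoy", "src_host": "203.0.113.7", "src_port": 50124, "utc_time": "2023-11-01 03:10:13.000000"}
{"dst_host": "192.168.1.50", "dst_port": 21, "logdata": {"USERNAME": "admin", "PASSWORD": "admin"}, "logtype": 2000, "node_id": "nas-decoy", "src_host": "203.0.113.7", "src_port": 50130, "utc_time": "2023-11-01 03:11:02.000000"}
{"dst_host": "192.168.1.50", "dst_port": 80, "logdata": {"PATH": "/index.html", "USERAGENT": "constructed-agent"}, "logtype": 3000, "node_id": "nas-decoy", "src_host": "198.51.100.23", "src_port": 41200, "utc_time": "2023-11-01 04:00:00.000000"}
{"dst_host": "192.168.1.50", "dst_port": 80, "logdata": {"PATH": "/index.html", "USERNAME": "admin", "PASSWORD": "admin"}, "logtype": 3001, "node_id": "nas-decoy", "src_host": "198.51.100.23", "src_port": 41202, "utc_time": "2023-11-01 04:00:05.000000"}
{"dst_host": "192.168.1.50", "dst_port": 22, "logdata": {"USERNAME": "root", "PASSWORD": "123456"}, "logtype": 4002, "node_id": "nas-decoy", "src_host": "192.0.2.99", "src_port": 33010, "utc_time": "2023-11-02 01:15:40.000000"}
{"dst_host": "192.168.1.50", "dst_port": 80, "logdata": {"PATH": "/", "USERAGENT": "constructed-agent"}, "logtype": 3000, "node_id": "nas-decoy", "src_host": "203.0.113.7", "src_port": 50140, "utc_time": "2023-11-02 02:00:00.000000"}
{"dst_host": "192.168.1.50", "dst_port": 80, "logdata": {"PATH": "/", "USERAGENT": "constructed-agent"}, "logtype": 3000, "node_id": "nas-decoy", "src_host": "192.0.2.99", "src_port": 33020, "utc_time": "2023-11-02 02:30:00.000000"}
{"dst_host": "192.168.1.50", "dst_port": 22, "logda
"""


def parse_events(text):
    """Return (events, internal, malformed) parsed from JSON-lines log text."""
    events, internal, malformed = [], 0, 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except ValueError:
            malformed += 1          # truncated or corrupted line
            continue
        if not isinstance(rec, dict):
            malformed += 1
            continue
        port, src = rec.get("dst_port"), rec.get("src_host")
        if type(port) is not int or not isinstance(src, str):
            malformed += 1          # required fields missing or of the wrong type
            continue
        if port < 0 or not src:
            internal += 1           # the honeypot's own start-up/status messages
            continue
        logdata = rec.get("logdata")
        if not isinstance(logdata, dict):
            logdata = {}
        events.append({
            "src": src,
            "port": port,
            "user": logdata.get("USERNAME"),
            "password": logdata.get("PASSWORD"),
            "time": rec.get("utc_time"),
        })
    return events, internal, malformed


def summarise(events, top=10, scan_threshold=3):
    """Count events per port, per source and per credential pair."""
    by_port = Counter(e["port"] for e in events)
    by_source = Counter(e["src"] for e in events)
    credentials = Counter(
        (e["user"], e["password"]) for e in events
        if e["user"] is not None and e["password"] is not None
    )
    ports_per_source = defaultdict(set)
    for e in events:
        ports_per_source[e["src"]].add(e["port"])
    # Sources that touched several distinct decoy services look like sweeps.
    multi_port = sorted(s for s, p in ports_per_source.items() if len(p) >= scan_threshold)
    return {
        "by_port": by_port.most_common(top),
        "by_source": by_source.most_common(top),
        "credentials": credentials.most_common(top),
        "multi_port_sources": multi_port,
    }


def format_report(report):
    """Render the summary as plain text for review over an SSH session."""
    lines = ["Attempts by destination port:"]
    for port, n in report["by_port"]:
        lines.append(f"  {port:>5} ({PORT_NAMES.get(port, 'other')}): {n}")
    lines.append("Attempts by source IP:")
    lines += [f"  {src}: {n}" for src, n in report["by_source"]]
    lines.append("Credential pairs tried:")
    lines += [f"  {u!r} / {p!r}: {n}" for (u, p), n in report["credentials"]]
    lines.append("Sources probing multiple services: " + ", ".join(report["multi_port_sources"]))
    return "\n".join(lines)


if __name__ == "__main__":
    parsed, internal_count, bad_count = parse_events(SAMPLE_LOG)
    print(format_report(summarise(parsed)))
    print(f"(skipped {internal_count} internal and {bad_count} malformed lines)")
```

On the real file, pass the contents of /var/tmp/opencanary.log to parse_events in place of SAMPLE_LOG; country attribution as in Table 14 additionally needs a GeoIP lookup, which is left out here.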
From the threat intelligence data gathered during the research, it is evident that whether it is a cloud or Internet-facing data storage server, if proper security measures are not taken, both are highly vulnerable to cyber-attacks. Overall, from the gathered data, it is evident that most of the cyber-attacks that targeted the validation setup are identical to cyber-attacks that targeted the cloud setup. Port scanning with tools like Nmap and Masscan, which aid in locating and interacting with open ports on a network, is a method by which cybercriminals exploit and identify open ports on a global scale11,42,43,44,45. Further, Censys and Shodan, which are search engines for Internet-connected devices, can be misused by cyber attackers to find vulnerable devices, discover open ports, gather detailed device information, identify devices with default configurations, map networks, and locate misconfigured sensitive devices45,46,47,48. While intended for legitimate security purposes, they can be exploited for malicious activities. Once an open port is identified, the services that are being utilized on it are identified, and any known vulnerabilities are exploited. Frequently, these tactics are combined with additional attack vectors, such as opportunistic attacks on inadvertently exposed ports or the exploitation of weak credentials or software vulnerabilities48. This highlights the criticality of implementing proper cyber security measures, such as consistent port monitoring and robust network security measures. To the best of our knowledge and based on the review of the state-of-the-art in smart agriculture security and privacy, our research is the first to present this groundbreaking approach for cyber threat intelligence in smart agriculture employing deception technology. 
Overall, the proposed platform leverages strategically designed decoys to gather real-time insights into attacker behavior targeting smart agriculture, hence offering a unique and potentially revolutionary approach.
In summary, the designed cyber threat intelligence platform for smart agriculture offers valuable insights on:
Understanding attack patterns and trends (e.g., from where attacks are originating, attacker’s reputation, what methods they are using, and destination ports they are targeting to exploit underlying services)
Identifying actively exploited vulnerabilities and methods they used to escalate privileges to gain further access (e.g., attackers seek to implant backdoors on the target host, exploit vulnerabilities pertaining to remote access, invoke sensitive environmental files, use commonly used user credentials for brute force attacks and so on)
The ways to improve cyber defense mechanisms, such as changing the default user credentials, regular updating of software, and so on.
Based on these insights, several key vulnerabilities and security and privacy challenges can be noted:
Default user credentials
Attackers often attempt to exploit devices with default usernames and passwords set by manufacturers or solution providers. Thus, changing default credentials is a critical security measure to prevent unauthorized access.
Attackers target specific network ports with known vulnerabilities. Ensuring that ports are properly configured, patched, and monitored is essential to mitigate these risks.
Exploitation of TCP and UDP services
Attackers focus on exploiting vulnerabilities in TCP and UDP services. Regularly updating and patching these services can help protect against known vulnerabilities.
Use of proxies and VPNs
Attackers employ tactics to conceal their actual locations and identities by using proxies and VPNs. Detecting and mitigating such anonymization techniques is crucial for network security.
Attribution challenges
Identifying the true source of attacks can be challenging, especially when attackers use compromised resources from various Internet service providers and other techniques to obfuscate their origins.
Unknown attack sources
Many attacks originate from unknown sources, making it difficult to preemptively identify and block potential threats. Thus, advanced threat detection and response mechanisms are essential.
Lack of user awareness
The lack of user awareness may make the smart agricultural ecosystem susceptible to various cyber-attacks as farmers, the ultimate end users, may not have any knowledge about cyber security. Thus, providing cybersecurity training and promoting a security-conscious culture is essential.
The key stakeholders engaged in smart agriculture, including farmers, solution suppliers/manufacturers, the government, and others, have a vital role in ensuring the security and privacy of smart agricultural systems. Overall, farmers should implement security measures and be aware of security and privacy concerns. Solution suppliers must prioritize security and data protection in their solutions, while the government can establish regulations and standards. Lastly, collaboration and adherence to best practices are essential to creating a secure and privacy-conscious smart agricultural ecosystem. In this regard, Table 16 provides recommendations for mitigating cyber-attacks based on insights obtained from the cyber threat intelligence platform. These recommendations are linked to the vulnerabilities/challenges discussed earlier and specify the stakeholders responsible for taking action before attacks occur24,25,26,27,28,39,40,41.
In summary, the conducted research emphasizes the urgent requirement for a novel cyber threat intelligence platform within the domain of smart agriculture. The collected data unequivocally illustrates that the agricultural industry is not resistant to the ever-changing and ubiquitous environment of cyber threats. During the period under observation, a significant number of attacks have been identified, shedding light on the vulnerabilities that malicious actors may seek to exploit in relation to smart agriculture systems. The results of this research serve as an urgent reminder of the critical nature of addressing cybersecurity issues by agricultural sector stakeholders. The proliferation of smart agriculture technologies results in an expansion of the attack surface and an advancement in the sophistication of threat actors. Neglecting to mitigate these susceptibilities not only compromises the integrity of agricultural activities but also presents a substantial peril to both food security and the wider economy. Overall, this research proposes developing and implementing an innovative cyber threat intelligence platform as a proactive and strategic measure to mitigate these risks. By capitalizing on real-time threat data and analysis, stakeholders can enhance their comprehension, prediction, and reaction to cyber threats, thus ensuring the uninterrupted operation of smart agriculture systems. In the future, it is critical that policymakers, solution suppliers, and the agricultural community, work together in a coordinated manner to strengthen the cybersecurity stance of smart agriculture. Finally, the insights and recommendations presented in this research provide a solid foundation for further research and action in this critical domain.
The datasets used and/or analysed during the current study are available from the corresponding author on reasonable request.
Thilakarathne, N. N. “Security and Privacy Issues in IoT Environment.” Rochester, NY, 2020. Accessed: Nov. 14, 2023. [Online]. Available: https://papers.ssrn.com/abstract=3559982
Elhoseny, M. et al. Security and privacy issues in medical internet of things: overview, countermeasures, challenges and future directions. Sustainability 13(21), 11645. https://doi.org/10.3390/su132111645 (2021).
Sontowski, S. et al., “ Cyber Attacks on Smart Farming Infrastructure,” in 2020 IEEE 6th International Conference on Collaboration and Internet Computing (CIC), Atlanta, GA, USA: IEEE, Dec. 2020, pp. 135–143. https://doi.org/10.1109/CIC50333.2020.00025.
“ Cyber Attacks On the Rise in the Agriculture Industry,” AI EdgeLabs. Accessed: Nov. 14, 2023. [Online]. Available: http://edgelabs.ai/blog/cyber-attacks-on-the-rise-in-the-agriculture-industry/
Jahn, D. M. M. et al., “ Jahn Research Group University of Wisconsin–Madison College of Agriculture and Life Sciences January, 2019”.
Yazdinejad, A. et al. A review on security of smart farming and precision agriculture: Security aspects, attacks, threats and countermeasures. Appl. Sci. 11(16), 7518. https://doi.org/10.3390/app11167518 (2021).
Yang, X. et al. A survey on smart agriculture: Development modes, technologies, and security and privacy challenges. IEEE/CAA J. Autom. Sinica 8(2), 273–302. https://doi.org/10.1109/JAS.2020.1003536 (2021).
Alyahya, S., Khan, W. U., Ahmed, S., Marwat, S. N. K. & Habib, S. Cyber secure framework for smart agriculture: Robust and tamper-resistant authentication scheme for IoT devices. Electronics 11(6), 963. https://doi.org/10.3390/electronics11060963 (2022).
Chatterjee, K. & Singh, A. A blockchain-enabled security framework for smart agriculture. Comput. Electr. Eng. 106, 108594. https://doi.org/10.1016/j.compeleceng.2023.108594 (2023).
Salah, K., Nizamuddin, N., Jayaraman, R. & Omar, M. Blockchain-based soybean traceability in agricultural supply chain. IEEE Access 7, 73295–73305. https://doi.org/10.1109/ACCESS.2019.2918000 (2019).
Alahmadi, A. N. et al. Cyber-security threats and side-channel attacks for digital agriculture. Sensors 22(9), 3520. https://doi.org/10.3390/s22093520 (2022).
Baranwal, T., Pateriya, P., and Rajput, N. Development of IoT based Smart Security and Monitoring Devices for Agriculture. 2016.
Sinha, B. B. & Dhanalakshmi, R. Recent advancements and challenges of Internet of Things in smart agriculture: A survey. Future Generation Comput. Syst. 126, 169–184. https://doi.org/10.1016/j.future.2021.08.006 (2022).
Ferrag, M. A., Shu, L., Yang, X., Derhab, A. & Maglaras, L. Security and privacy for Green IoT-based agriculture: review, blockchain solutions, and challenges. IEEE Access 8, 32031–32053. https://doi.org/10.1109/ACCESS.2020.2973178 (2020).
Gupta, M., Abdelsalam, M., Khorsandroo, S. & Mittal, S. Security and privacy in smart farming: challenges and opportunities. IEEE Access 8, 34564–34584. https://doi.org/10.1109/ACCESS.2020.2975142 (2020).
Torres, A. E., Torres, F., and Budgud, A. T., “Cyber Threat Intelligence Methodologies: Hunting Cyber Threats with Threat Intelligence Platforms and Deception Techniques,” in 2nd EAI International Conference on Smart Technology, F. Torres-Guerrero, L. Neira-Tovar, and J. Bacca-Acosta, Eds., in EAI/Springer Innovations in Communication and Computing. Cham: Springer International Publishing, 2023, pp. 15–37. https://doi.org/10.1007/978-3-031-07670-1_2.
Urias, V. E., Stout, W. M. S. and Lin, H. W. “Gathering threat intelligence through computer network deception,” in 2016 IEEE Symposium on Technologies for Homeland Security (HST), Waltham, MA, USA: IEEE, May 2016, pp. 1–6. https://doi.org/10.1109/THS.2016.7568916.
Ajmal, A. B. et al. Last line of defense: reliability through inducing cyber threat hunting with deception in Scada networks. IEEE Access 9, 126789–126800. https://doi.org/10.1109/ACCESS.2021.3111420 (2021).
“ Cloud Computing Services – Amazon Web Services (AWS).” Accessed: Nov. 25, 2023. [Online]. Available: https://aws.amazon.com/
Deutsche Telekom Security GmbH and M. Ochse, “ T-Pot.” Apr. 2022. Accessed: Nov. 25, 2023. [Online]. Available: https://github.com/telekom-security/tpotce
“ Securing Web Applications Using SNARE and Tanner Honeypot.” Accessed: Nov. 25, 2023. [Online]. Available: https://www.jetir.org/view?paper=JETIR1806545
Cascavilla, G., Tamburri, D. A. & Van Den Heuvel, W.-J. Cybercrime threat intelligence: A systematic multi-vocal literature review. Comput. Secur. 105, 102258. https://doi.org/10.1016/j.cose.2021.102258 (2021).
Devi, S., Ramadass, S., Joshi, A., and Bagate, R.“ Design of IoT Blockchain Based Smart Agriculture for Enlightening Safety and Security,” 2019, pp. 7–19. https://doi.org/10.1007/978-981-13-8300-7_2.
“Ransomware Attacks on Agriculture Potentially Timed to Critical Seasons,” Security Intelligence. Accessed: Nov. 14, 2023. [Online]. Available: https://securityintelligence.com/news/ransomware-attacks-agriculture/
de Araujo Zanella, A. R., da Silva, E. and Pessoa Albini, L. C. “ Security challenges to smart agriculture: Current state, key issues, and future directions,” Array, vol. 8, p. 100048, Dec. 2020, https://doi.org/10.1016/j.array.2020.100048.
Vangala, A., Das, A. K., Chamola, V., Korotaev, V. & Rodrigues, J. Security in IoT-enabled smart agriculture: architecture, security solutions and challenges. Cluster Comput. https://doi.org/10.1007/s10586-022-03566-7 (2022).
Demestichas, K., Peppes, N. & Alexakis, T. Survey on security threats in agricultural IoT and smart farming. Sensors 20(22), 6458. https://doi.org/10.3390/s20226458 (2020).
“ Smart_Secure_Sensing_for_IoT-Based_Agriculture_Blockchain_Perspective.pdf,” Google Docs. Accessed: Nov. 14, 2023. [Online]. Available: https://drive.google.com/file/d/1kynbKIFoFFhwb8BGDf51AhY0p7AwF-uZ/view?usp=embed_facebook
Ongadi, P. A. A comprehensive examination of security and privacy in precision agriculture technologies. GSC Adv. Res. Rev. 18(1), 336–363. https://doi.org/10.30574/gscarr.2024.18.1.0026 (2024).
Mahalingam, N. & Sharma, P. An intelligent blockchain technology for securing an IoT-based agriculture monitoring system. Multimed. Tools Appl. 83(4), 10297–10320. https://doi.org/10.1007/s11042-023-15985-8 (2024).
Mohy-eddine, M., Guezzaz, A., Benkirane, S. & Azrour, M. Malicious detection model with artificial neural network in IoT-based smart farming security. Cluster Comput. https://doi.org/10.1007/s10586-024-04334-5 (2024).
Jaber, M. M. et al. PPDA-FAF: maintaining data security and privacy in green IoT-based agriculture. Int. J. Coop. Info. Syst. 33(01), 2250007. https://doi.org/10.1142/S0218843022500071 (2024).
Senthil Kumar, C. and Vijay Anand, R. “Security in IOT-Enabled Smart Agriculture Systems,” in Communication Technologies and Security Challenges in IoT, A. Prasad, T. P. Singh, and S. Dwivedi Sharma, Eds., in Internet of Things. Singapore: Springer Nature Singapore, 2024, pp. 279–300. https://doi.org/10.1007/978-981-97-0052-3_14.
Rahul R, R. Venkatesan, and T. J. Jebaseeli, “ Smart Farming with Improved Security using Ascon Encryption and Authentication,” in 2024 2nd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT), Bengaluru, India: IEEE, Jan. 2024, pp. 365–373. https://doi.org/10.1109/IDCIoT59759.2024.10467361.
Urias, V. E., Stout, W. M. S., Luc-Watson, J., Grim, C., Liebrock, L. and Merza, M. “Technologies to enable cyber deception,” in 2017 International Carnahan Conference on Security Technology (ICCST), Madrid: IEEE, Oct. 2017, pp. 1–6. https://doi.org/10.1109/CCST.2017.8167793.
Ramsdale, A., Shiaeles, S. & Kolokotronis, N. A Comparative analysis of cyber-threat intelligence sources, formats and languages. Electronics 9(5), 824. https://doi.org/10.3390/electronics9050824 (2020).
Schlette, D., Caselli, M. & Pernul, G. A comparative study on cyber threat intelligence: the security incident response perspective. IEEE Commun. Surv. Tutorials 23(4), 2525–2556. https://doi.org/10.1109/COMST.2021.3117338 (2021).
Tounsi, W. & Rais, H. A survey on technical threat intelligence in the age of sophisticated cyber attacks. Comput. Security 72, 212–233. https://doi.org/10.1016/j.cose.2017.09.001 (2018).
Mishra, S., Albarakati, A. & Sharma, S. K. Cyber threat intelligence for IoT using machine learning. Processes 10(12), 2673. https://doi.org/10.3390/pr10122673 (2022).
Bou-Harb, E. and Neshenko, N., Cyber Threat Intelligence for the Internet of Things. Cham: Springer International Publishing, 2020. https://doi.org/10.1007/978-3-030-45858-4.
Mavroeidis, V. and Bromander, S. “ Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence,” in 2017 European Intelligence and Security Informatics Conference (EISIC), Athens: IEEE, Sep. 2017, pp. 91–98. https://doi.org/10.1109/EISIC.2017.20.
Wagner, T. D., Mahbub, K., Palomar, E. & Abdallah, A. E. Cyber threat intelligence sharing: survey and research directions. Comput. Security 87, 101589. https://doi.org/10.1016/j.cose.2019.101589 (2019).
Mendez Mena D. and Yang, B. “ Decentralized actionable cyber threat intelligence for networks and the internet of things,” IoT, 2(1), 1–16, (2020), https://doi.org/10.3390/iot2010001.
Kumar, S., Janet, B. and Eswari, R. “ Multi Platform Honeypot for Generation of Cyber Threat Intelligence,” in 2019 IEEE 9th International Conference on Advanced Computing (IACC), Tiruchirappalli, India: IEEE, Dec. 2019, pp. 25–29. https://doi.org/10.1109/IACC48062.2019.8971584.
Al-Alami, H., Hadi, A., and Al-Bahadili, H. “ Vulnerability scanning of IoT devices in Jordan using Shodan,” in 2017 2nd International Conference on the Applications of Information Technology in Developing Renewable Energy Processes & Systems (IT-DREPS), Amman: IEEE, Dec. 2017, pp. 1–6. https://doi.org/10.1109/IT-DREPS.2017.8277814.
Fernández-Caramés, T. M. & Fraga-Lamas, P. Teaching and learning IoT cybersecurity and vulnerability assessment with shodan through practical use cases. Sensors 20(11), 3048. https://doi.org/10.3390/s20113048 (2020).
Albataineh, A. and Alsmadi, I. “ IoT and the Risk of Internet Exposure: Risk Assessment Using Shodan Queries,” in 2019 IEEE 20th International Symposium on “A World of Wireless, Mobile and Multimedia Networks” (WoWMoM), Washington, DC, USA: IEEE, Jun. 2019, pp. 1–5. https://doi.org/10.1109/WoWMoM.2019.8792986.
Bodenheim, R., Butts, J., Dunlap, S. & Mullins, B. Evaluation of the ability of the Shodan search engine to identify Internet-facing industrial control devices. Int. J. Critical Infrastructure Protection 7(2), 114–123. https://doi.org/10.1016/j.ijcip.2014.03.001 (2014).
Faculty of Integrated Technologies, Universiti Brunei Darussalam, Gadong, BE1410, Brunei
Navod Neranjan Thilakarathne, Muhammad Saifullah Abu Bakar, Pg Emeroylariffion Abas & Hayati Yassin
N.N.T. wrote the main manuscript text. N.N.T., M.S.A.B., P.E.A. and H.Y. edited the manuscript. All authors reviewed the manuscript.
Correspondence to Navod Neranjan Thilakarathne or Hayati Yassin.
The authors declare no competing interests.
Experimental research and field studies on plants comply with relevant institutional, national, and international guidelines and legislation. We confirm that appropriate permissions were obtained for the cultivation of tomato plants from seeds used in this research. All activities related to the cultivation and experimentation were conducted in accordance with IUCN guidelines. The current study complies with relevant guidelines of IUCN Policy Statement on Research Involving Species at Risk of Extinction and Convention on the Trade in Endangered Species of Wild Fauna and Flora.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.
Thilakarathne, N.N., Bakar, M.S.A., Abas, P.E. et al. A novel cyber threat intelligence platform for evaluating the risk associated with smart agriculture. Sci Rep 15, 3904 (2025). https://doi.org/10.1038/s41598-025-85320-8
DOI: https://doi.org/10.1038/s41598-025-85320-8
© 2025 Springer Nature Limited