We have even noticed that some companies have implemented advanced protection mechanisms pointing systems or servers that are infected to be routed to a honeypot solution to set up a trap and uncover the actual motive behind the infection or attack.
Testers can identify these honeypot hosts, as they typically respond with all ports open.