New research from Kaspersky shows that the first half of 2019 was detrimental to smart building automation systems, with 37.8% of the computers used to control them affected by malicious cyber attacks.
Most of the blocked threats are neither targeted nor specific to building-based automation systems: they are ordinary malware regularly found on corporate networks, unrelated to automation systems. But the attacks bring side effects with potentially significant impact on the availability and integrity of automation systems.
“While these figures are relatively low in comparison to the wider threat landscape, their impact should not be underestimated,” said Kirill Kruglov, security researcher at Kaspersky ICS CERT, in a press release.
Kaspersky’s study culled information from 40,000 smart buildings worldwide that use its security products. This analysis of telemetry reveals that smart building cyber attacks are a reality. Smart buildings are not just office and residential buildings, but also hospitals, shopping malls, prisons, industrial production, and public transport: wherever large work and/or living areas need to be controlled.
Smart building automation systems are typically sensors and controllers which monitor and automate elevators, ventilation, heating, lighting, electricity, water supply, video surveillance, alarm systems, fire extinguishing systems, access controls and other critical information and security systems. These systems are generally managed and controlled by generic workstations that are often connected to the internet, and a successful attack can easily result in the failure of one or several critically important smart building systems.
“Imagine if credentials from a highly secured building are stolen by a generic piece of malware and then sold on the black market, or a sophisticated building’s life support system is frozen because essential processes have been encrypted by yet another ransomware strain,” Kruglov said. “The list of possible scenarios is endless.”
Of the 37.8% of protected smart building systems management computers targeted, more than 11% were attacked with variants of spyware, which is malware aimed at stealing account credentials and other valuable information. Worms were detected on 10.8% of workstations, 7.8% received phishing scams and 4.2% encountered ransomware.
The majority of threats came from the internet, with 26% of infection attempts being web-borne. Removable media, including flash sticks and external hard drives, were responsible in 10% of cases. Another 10% faced threats via email links and attachments, and 1.5% of smart building computers were attacked from sources within the organization's network, such as shared folders.
“We urge security teams, whose area of responsibility covers IT networks of smart buildings, not to forget that they need protection,” Kruglov said. “Even a basic solution will provide benefits and defend the organization against potentially crippling attacks.”
Signs of a potential attack can begin, Kruglov said, with disruption of computers controlling the automation systems, and subsequent system failure. Such a breakdown can result in disruption of the building’s daily operation: electricity, water, and ventilation may continue to work, but problems may arise with opening/closing doors or elevators, as well as issues with the fire-extinguishing system, resulting in a false alarm or, in a worst-case scenario, no fire alarm in the wake of a fire.
Therefore, it is critical to monitor network communications, on the perimeter as well as inside the automation system’s network. “Even minimal monitoring will reveal current issues and violations, the elimination of which will significantly increase the object’s level of security,” Kruglov said.