Smart Buildings

37.8% of Smart Building Automation Systems Were Attacked in H1 2019, Kaspersky Reports

Almost 4 in 10 (37.8%) computers used to control smart building automation systems were subject to some kind of malicious attack in the first half of 2019. That’s according to the results of a study of smart building threats conducted by global cybersecurity firm Kaspersky. The study, which was released during the Kaspersky Industrial Cybersecurity 2019 event being held in Sochi, Russia, showed that while it is unclear if such systems were deliberately targeted, they are, one way or another, becoming a common destination for various generic threats.

"While these figures are relatively low in comparison to the wider threat landscape, their impact should not be underestimated," said Kirill Kruglov, security researcher at Kaspersky ICS CERT, in a press release to highlight the study.

"Imagine if credentials from a highly secured building are stolen by a generic piece of malware and then sold on the black market, or a sophisticated building's life support system is frozen because essential processes have been encrypted by yet another ransomware strain," Kruglov said. "The list of possible scenarios is endless."

The smart building is a broad and complex threat landscape with hundreds or thousands of digital endpoints, all connected to centralized systems that control critical services. Technology from numerous manufacturers, communicating through a variety of protocols, and often managed by people with limited cybersecurity experience, all further increase the risk of attack. For all the health, productivity, cost-saving, and environmental benefits of smart buildings, the greater connectivity they demand comes at a cost.

“More connectivity certainly means a greater potential vulnerability to attack,” David Emm, Principal Security Researcher with Kaspersky Labs’ Global Research & Analysis Team, told Memoori in a 2017 interview. “Thinking offline for a second, the more time you spend on the street, the bigger the opportunity to get mugged or knocked down on the road. It’s no different online, the more points of connection you have with the internet, the more of an attack surface you present. It’s not inevitable, however, if you’re wary and use pedestrian crossings, you can limit your exposure. It’s the same online,” he continued.

According to the H1 2019 research, of the 37.8% of protected smart building systems management computers targeted, more than 11% were attacked with variants of spyware, malware aimed at stealing account credentials and other valuable information. Worms were detected on 10.8% of workstations, while 7.8% received phishing scams and 4.2% encountered ransomware. For many of these attack types, we need to look beyond technical solutions and start considering some human security upgrades.

“I would be more concerned by the lack of awareness [rather than increasing connectivity]. We absorb road safety and city safety information from a young age, it’s almost intuitive. If you grow up in a city, you’re very aware of the dangers. It is not the same with connectivity. Most people think of their smartphone as a phone, not as the fully-fledged computer it is. There’s an attack surface but people don’t realize it’s there,” Emm told Memoori in the context of the BYOD (bring your own device) culture.

“In recent years I have been grappling with the BYOD trend, which offers excellent productivity benefits. BYOD could end up meaning bring your own vulnerability. Your device could be infected on your home network and then you walk straight into your office with it, putting your whole company at risk,” Emm continued. “I think we’re seeing the further end of de-perimeterization, as the Jericho Forum called it – I am the network wherever I happen to be, so if you want to secure the network you have to secure me.”

The majority of threats came from the internet, however, with 26% of infection attempts being web-borne. Removable media, including flash sticks and external hard drives, were only responsible for 10% of cases, the same percentage that faced threats from email links or attachments. Just 1.5% of smart building computers were found to have been attacked from sources within the organization network, such as shared folders.
