Smart Buildings

37.8% of Smart Building Automation Systems Were Attacked in H1 2019, Kaspersky Reports

Copy article link
Almost 4 in 10 (37.8%) computers used to control smart building automation systems were subject to some kind of malicious attack in the first half of 2019. That’s according to the results of a study of smart building threats conducted by global cybersecurity firm Kaspersky. The study, which was released during the Kaspersky Industrial Cybersecurity 2019 event being held in Sochi, Russia, showed that while it is unclear if such systems were deliberately targeted, they are, one way or another, becoming a common destination for various generic threats. "While these figures are relatively low in comparison to the wider threat landscape, their impact should not be underestimated," said Kirill Kruglov, security researcher at Kaspersky ICS CERT, in a press release to highlight the study. "Imagine if credentials from a highly secured building are stolen by a generic piece of malware and then sold on the black market, or a sophisticated building's life support system is […]

Stay ahead of the pack

with the latest independent smart building research and thought leadership.

Have an account? Login

Subscribe Now for just $200 per year per user (just $17 USD per month) for Access to Quality Independent Smart Building Research & Analysis!

What Exactly Do you Get?

  • Access to Website Articles and Notes. Unlimited Access to the Library of over 1,700 Articles Spanning 10 Years.
  • 10% discount on ALL Memoori Research reports for Subscribers! So if you only buy ONE report you will get your subscription fee back!
  • Industry-leading Analysis Every Week, Direct to your Inbox.
  • AND Cancel at any time
Subscribe Now

Want a Corporate or Group subscription? Get in touch.
Email us at: support@memoori.com

Almost 4 in 10 (37.8%) computers used to control smart building automation systems were subject to some kind of malicious attack in the first half of 2019. That’s according to the results of a study of smart building threats conducted by global cybersecurity firm Kaspersky. The study, which was released during the Kaspersky Industrial Cybersecurity 2019 event being held in Sochi, Russia, showed that while it is unclear if such systems were deliberately targeted, they are, one way or another, becoming a common destination for various generic threats.

"While these figures are relatively low in comparison to the wider threat landscape, their impact should not be underestimated," said Kirill Kruglov, security researcher at Kaspersky ICS CERT, in a press release to highlight the study.

"Imagine if credentials from a highly secured building are stolen by a generic piece of malware and then sold on the black market, or a sophisticated building's life support system is frozen because essential processes have been encrypted by yet another ransomware strain," Kruglov said. "The list of possible scenarios is endless."

The smart building is a broad and complex threat landscape with hundreds or thousands of digital endpoints, all connected to centralized systems that control critical services. Technology from numerous manufacturers, communicating through a variety of protocols, and often managed by people with limited cybersecurity experience, all further increase the risk of attack. For all the health, productivity, cost-saving, and environmental benefits of smart buildings, the greater connectivity they demand comes at a cost.

“More connectivity certainly means a greater potential vulnerability to attack,” David Emm, Principal Security Researcher with Kaspersky Labs’ Global Research & Analysis Team, told Memoori in a 2017 interview. “Thinking offline for a second, the more time you spend on the street, the bigger the opportunity to get mugged or knocked down on the road. It’s no different online, the more points of connection you have with the internet, the more of an attack surface you present. It’s not inevitable, however, if you’re wary and use pedestrian crossings, you can limit your exposure. It’s the same online,” he continued.

According to the H1 2019 research, of the 37.8% protected smart building systems management computers targeted, more than 11% were attacked with variants of spyware - malware aimed at stealing account credentials and other valuable information. Worms were detected on 10.8% of workstations, while 7.8% received phishing scams and 4.2% encountered ransomware. For many of these attack types, we need to look beyond technical solutions and start considering some human security upgrades.

“I would be more concerned by the lack of awareness [rather than increasing connectivity]. We absorb road safety and city safety information from a young age, it’s almost intuitive. If you grow up in a city, you’re very aware of the dangers. It is not the same with connectivity. Most people think of their smartphone as a phone, not as the fully-fledged computer it is. There’s an attack surface but people don’t realize it’s there,” Emm told Memoori in the context of the BYOD (bring your own device) culture.

“In recent years I have been grappling with the BYOD trend, which offers excellent productivity benefits. BYOD could end up meaning bring your own vulnerability. Your device could be infected on your home network and then you walk straight into your office with it, putting your whole company at risk,” Emm continued. “I think we’re seeing the further end of de-perimeterization, as the Jericho Forum called it – I am the network wherever i happen to be, so if you want to secure the network you have to secure me.”

The majority of threats came from the internet, however, with 26% of infection attempts being web-born. Removable media including flashsticks and external hard drives were only responsible for 10% of cases, the same percentage that faced threats from email links or attachments. While just 1.5% of smart building computers were found to have been attacked from sources within the organization network, such as shared folders.

Most Popular Articles

Matterport Costar Acquisition
Smart Buildings

What’s Behind the Acquisition of Matterport by CoStar?

In this Research Note, we examine what’s behind the Costar acquisition of Matterport, the US digital twin business founded in 2011. This analysis is based on Matterport’s investor presentation 20th February 2024, 10K Annual Reports, and recent press releases. CoStar Business Founded in 1987, CoStar Group is a $2.5 billion revenue company, operating some of […]

AI Commercial Buildings 2024
Smart Buildings

Mapping the Global Landscape of AI in Commercial Buildings 2024

The artificial intelligence (AI) landscape in commercial buildings is rapidly evolving. Significant growth in the number and size of companies offering AI-enabled products and services in commercial real estate has been growing around the world in recent years. The private sector has seen a sharp rise in AI development and with that, the number of […]

LumenRadio Wireless Mesh
Smart Buildings

LumenRadio Wireless IoT Business and 2023 Financials Examined

This Research Note examines the wireless IoT business of LumenRadio AB, a Swedish public company listed on Nasdaq First North Growth market since 8th December 2022. We focus on the company’s product portfolio, OEM customers, acquisitions, and 2023 financial highlights, based on LumenRadio’s IPO prospectus, its Year-End Report 2023, and recent press releases. Founded in […]

Subscribe to the Newsletter & get all our Articles & Research Delivered Straight to your Inbox.

Please enter a valid email

Please enter your name

Please enter company name

By signing up you agree to our privacy policy