
37.8% of Smart Building Automation Systems Were Attacked in H1 2019, Kaspersky Reports

Almost 4 in 10 (37.8%) computers used to control smart building automation systems were subject to some kind of malicious attack in the first half of 2019. That’s according to the results of a study of smart building threats conducted by global cybersecurity firm Kaspersky. The study, which was released during the Kaspersky Industrial Cybersecurity 2019 event being held in Sochi, Russia, showed that while it is unclear if such systems were deliberately targeted, they are, one way or another, becoming a common destination for various generic threats.

"While these figures are relatively low in comparison to the wider threat landscape, their impact should not be underestimated," said Kirill Kruglov, security researcher at Kaspersky ICS CERT, in a press release to highlight the study.

"Imagine if credentials from a highly secured building are stolen by a generic piece of malware and then sold on the black market, or a sophisticated building's life support system is frozen because essential processes have been encrypted by yet another ransomware strain," Kruglov said. "The list of possible scenarios is endless."

The smart building is a broad and complex threat landscape with hundreds or thousands of digital endpoints, all connected to centralized systems that control critical services. Technology from numerous manufacturers, communicating through a variety of protocols and often managed by people with limited cybersecurity experience, further increases the risk of attack. For all the health, productivity, cost-saving, and environmental benefits of smart buildings, the greater connectivity they demand comes at a cost.

“More connectivity certainly means a greater potential vulnerability to attack,” David Emm, Principal Security Researcher with Kaspersky Labs’ Global Research & Analysis Team, told Memoori in a 2017 interview. “Thinking offline for a second, the more time you spend on the street, the bigger the opportunity to get mugged or knocked down on the road. It’s no different online, the more points of connection you have with the internet, the more of an attack surface you present. It’s not inevitable, however, if you’re wary and use pedestrian crossings, you can limit your exposure. It’s the same online,” he continued.

According to the H1 2019 research, of the 37.8% of protected smart building systems management computers that were targeted, more than 11% were attacked with variants of spyware, malware aimed at stealing account credentials and other valuable information. Worms were detected on 10.8% of workstations, while 7.8% received phishing scams and 4.2% encountered ransomware. For many of these attack types, we need to look beyond technical solutions and start considering some human security upgrades.

“I would be more concerned by the lack of awareness [rather than increasing connectivity]. We absorb road safety and city safety information from a young age, it’s almost intuitive. If you grow up in a city, you’re very aware of the dangers. It is not the same with connectivity. Most people think of their smartphone as a phone, not as the fully-fledged computer it is. There’s an attack surface but people don’t realize it’s there,” Emm told Memoori in the context of the BYOD (bring your own device) culture.

“In recent years I have been grappling with the BYOD trend, which offers excellent productivity benefits. BYOD could end up meaning bring your own vulnerability. Your device could be infected on your home network and then you walk straight into your office with it, putting your whole company at risk,” Emm continued. “I think we’re seeing the further end of de-perimeterization, as the Jericho Forum called it – I am the network wherever I happen to be, so if you want to secure the network you have to secure me.”

The majority of threats came from the internet, however, with 26% of infection attempts being web-borne. Removable media, including flash sticks and external hard drives, were responsible for only 10% of cases, the same percentage that faced threats from email links or attachments. Just 1.5% of smart building computers were found to have been attacked from sources within the organization's network, such as shared folders.
