Forty percent of smart buildings hit with cyberattacks in H1 2019
New research from cybersecurity organisation Kaspersky reveals that 37.8 percent of smart buildings were affected by malicious attacks in the first half of 2019.
While the findings, published online in the lead up to the seventh Kaspersky Industrial Cybersecurity Conference 2019, reveal a 5.4 percent increase in cyberattacks on building-based automation systems over the second half of 2018. Although the systems may not have been deliberately targeted – the issues were detected on systems associated with the systems, not the systems themselves – the very presence of such malicious objects poses a very serious concern for smart building operators.
Of the 37.8 percent of building management systems affected, 11.3 percent were attacked with spyware designed to steal account credentials and other valuable data, 10.8 were infected with worms, 7.8 percent had involved phishing scams and 4.2 percent encountered ransomware threats.
Not all of these cyberattacks originated on the internet. Twenty-six percent of infection attempts came from the web, but 10 percent came from removable media such as USB sticks and external hard drives. Another 10 percent appeared in emails links and attachments, while 1.5 percent of smart buildings were attacked by sources within the organisation network.
These figures are relatively low in comparison to the overall threat landscape, but high in relation to the share of attacked computers than in industrial systems. Property managers must take notice. As building-based automation systems become increasingly popular and the scale of the data passing through them expands, the potential impact of a cyberattack is severe.
“Imagine if credentials from a highly secured building are stolen by a generic piece of malware and then sold on the black market, or a sophisticated building’s life support system is frozen because essential processes have been encrypted by yet another ransomware strain,” says Kirill Kruglov, security researcher at Kaspersky ICS CERT.
“The list of possible scenarios is endless. We urge security teams, whose area of responsibility covers IT networks of smart buildings, not to forget that they need protection. Even a basic solution will provide benefits and defend the organisation against potentially crippling attacks.”
To learn more about Kaspersky’s findings, click here.
Image: 123RF’s zozoen ©, 123RF.com