The e-magazine for KNX home & building control

Kaspersky Finds Nearly Four in Ten Smart Buildings Targeted by Malicious Attacks in First Half of 2019

According to new research from Kaspersky, almost four in ten (37.8%) computers used to control smart building automation systems were affected by malicious attacks in the first half of 2019. The findings indicate that while it is unclear if such systems were deliberately targeted, they often become an end point for various generic threats posing significant implications to smart building operations.

Based on analysis of telemetry processed by roughly 40 thousand randomly chosen Kaspersky security solutions deployed at smart buildings around the world, it’s clear that smart building cyber attacks are a reality. Smart building automation systems typically consist of sensors and controllers used to monitor and automate the operation of elevators, ventilation, electricity and water supplies, access controls and many other critical information and security systems. These systems are generally managed and controlled by generic workstations that are often connected to the internet, and a successful attack can easily result in the failure of one or several critically important smart building systems.

Of the 37.8% protected smart building systems management computers that were targeted, more than 11% were attacked with different variants of spyware, a type of malware aimed at stealing account credentials and other valuable information. Worms were detected on 10.8% of workstations, 7.8% received phishing scams and 4.2% encountered ransomware.

The majority of threats came from the internet, with 26% of infection attempts being web-born. Removable media including flash sticks andexternal hard drives were responsible in 10% of cases and another 10% faced threats via email links and attachments. 1.5% of smart building computers were attacked from sources within the organization network such as shared folders.

“While these figures are relatively low in comparison to the wider threat landscape, their impact should not be underestimated,” said Kirill Kruglov, security researcher at Kaspersky ICS CERT. “Imagine if credentials from a highly secured building are stolen by a generic piece of malware and then sold on the black market, or a sophisticated building’s life support system is frozen because essential processes have been encrypted by yet another ransomware strain. The list of possible scenarios is endless. We urge security teams, whose area of responsibility covers IT networks of smart buildings, not to forget that they need protection. Even a basic solution will provide benefits and defend the organization against potentially crippling attacks.”

usa.kaspersky.com

Share on facebook
Share
Share on twitter
Tweet
Share on linkedin
Share

SPONSORS

Products of the month

KNX Switch Actuators Upgrade


KNX Switch Actuators Upgrade
The new ABB ETS App Version 1.1 has a pack of new features empowering the switch actuator range further ...

thePixa Optical Presence Detector


thePixa Optical Presence Detector
Theben's thePixa KNX optical presence detector detects how many people are in a room and where exactly they are ...

Conventional becomes smart


Conventional becomes smart
No dirt, no noise, no bus line – the classic electrical installation is sufficient: the new JUNG KNX RF push-buttons ...

AVE’s KNX room controller


AVE’s KNX room controller
Ideal for home and hotel, AVE Room Controller is a high-design solution with OLED display and touch controls, which ...