In H1 2019 Kaspersky products blocked malicious objects on 37.8% of computers in building-based automation systems (from a random sample of more than 40,000 sources), which means almost 4 in teen computers, reveals a Kaspersky study on the threats against smart buildings.
The study shows that, although it is not clear if such systems had been deliberately targeted, they seldom end as a destination for various threats. Even if they are not no complex, many of these cyberattacks can represent a significant danger for the daily activities in the smart buildings.
Typically, such security of automation systems in buildings — industrial versions of the now common smart home- consists of various sensors and controllers to manage elevators, ventilation, heating, lighting, electricity, water supply, video surveillance, alarm systems, fire extinguishing systems, etc.; it also includes servers that manage the controllers, as well as computers of engineers and dispatchers. Such automation systems are used not only in office and residential buildings, but in hospitals, shopping malls, prisons, industrial production, public transport, and other places where large work and/or living areas need to be controlled.
What are the threats of a targeted attack? First off, there is disruption of the computers that control the automation systems, and subsequent failure of the systems themselves, since not all of them are totally autonomous. The result may be a disruption of the normal operation of the building: electricity, water, and ventilation are likely to continue to work as before, but there may be problems with opening/closing doors or using elevators. There may also be problems with the fire extinguishing system, for example, a false alarm or, worse, no signal in the event of a fire.
In terms of geographical distribution of the prevalence, Italy had the highest percentage of such cyberattacks in smart buildings (48.5%), closely followed by Spain (47.6%), UK (44.4%), Czechia (42.1%) and Romania (41.7%).
“Although these figures are relatively low compared to the wider landscape of treats, their impact must not be underestimated”, says Kirill Kruglov, security researcher Kaspersky ICS CERT.
“Imagine how it could be if the certifications in a highly security building would be stolen by a generic malware and then they would be sold on the black market. Or if the support system of a building would be blocked, because the essential processes had been encrypted by ransomware. The list of the potential scenarios is endless”, he added.