Smart buildings threat landscape: 37.8% targeted by malicious attacks in H1 2019
Almost four in ten (37.8%) computers used to control smart building automation systems were subject to some kind of malicious attack in the first half of 2019, according to an overview of smart building threats conducted by Kaspersky.
This study shows that while it is unclear if such systems were deliberately targeted, they often become a destination for various generic threats. Despite not being sophisticated, many of these threats may pose significant danger to everyday smart building operations.
Smart building automation systems typically consist of sensors and controllers used to monitor and automate the operation of elevators, ventilation, climate controls, electricity and water supplies, fire alarms, video surveillance, access controls and many other critical information and security systems. These systems are generally managed and controlled via generic workstations, which are often connected to the internet. A successful attack against such a workstation can easily result in the failure of one or several critically important smart building systems. Based on analysis of telemetry processed by around 40 thousand randomly chosen Kaspersky security solutions, deployed at smart buildings around the world, cyberattacks that could cause such damage are a reality.
Out of the 37.8% protected smart building systems management computers that were targeted, more than 11% were attacked with different variants of spyware – malware aimed at stealing account credentials and other valuable information. Worms were detected on 10.8% of workstations; 7.8% received phishing scams, and 4.2% encountered ransomware.
The majority of these threats came from the internet, with 26% of infection attempts being web-born. Removable media, including flash sticks, external hard drives and others, were responsible in 10% of cases; another 10% faced threats via email links and attachments. 1.5% of smart building computers were attacked from sources within the organization network, such as shared folders.
When it comes to the prevalence of attacks across different territories, Italy (48.5%) had the highest percentage of attacked smart building computers, closely followed by Spain (47.6%), the UK (44.4%), Czech Republic (42.1%) and Romania (41.7%).
“While these figures are relatively low in comparison to the wider threat landscape, their impact should not be underestimated. Imagine if credentials from a highly secured building are stolen by a generic piece of malware and then sold on the black market. Or a sophisticated building’s life support system is frozen because essential processes have been encrypted by yet another ransomware strain. The list of possible scenarios is endless. We urge security teams, whose area of responsibility covers IT networks of smart buildings, not to forget that they need protection. Even a basic solution will provide benefits and defend the organization against potentially crippling attacks”, - said Kirill Kruglov, security researcher at Kaspersky ICS CERT.
In order to protect a smart building from the risks of cyberattack, Kaspersky experts advise:
- Ensuring smart building IT infrastructure is protected with a reliable security solution tailored to specific ICS environments, like Kaspersky KICS
- Conducting regular security audits of smart building IT infrastructure to identify and eliminate possible vulnerabilities
- Providing the security team responsible for protecting a smart building’s IT infrastructure with up-to-date threat intelligence.
Read the full text of the report on Securelist.com
About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
Smart buildings threat landscape: 37.8% targeted by malicious attacks in H1 2019
Kaspersky
Related Articles Press Releases
Updated Kaspersky Security for Mail Server offers advanced content filtering and enhanced visibility for SOC
Kaspersky has announced a significant update to its Kaspersky Security for Mail Server, designed to strengthen systems against emerging email threats. The latest version of Kaspersky Security for Mail Server features advanced functionality for content filtering, quarantine management, and enhanced visibility for Security Operations Centers (SOC).Read More >Innovation journey: Dubai welcomed Kaspersky's Cyber Immunity Conference
Leading cybersecurity experts, scientists, business leaders and government officials from more than 20 countries worldwide have come together for the inaugural international Cyber Immunity Conference. Exploring the complex and evolving cyberthreat landscape the conference provided invaluable insights into the future of our digital age and celebrated the pioneering efforts of the first Cyber Immunity Champions.Read More >Kaspersky Thin Client 2.0: Cyber Immune protection with enhanced connectivity, performance and design
Kaspersky has presented an updated operating system for thin clients that offers enhanced connectivity, higher speed of applications delivery, lower total cost of ownership, user-friendly graphical interface and quick deployment. Kaspersky Thin Client 2.0 is the main component of the Cyber Immune solution for building thin client infrastructure in a wide range of industries, including healthcare, finance, education and manufacturing.Read More >
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.