Threat landscape for smart buildings

[harlan4096]

The Kaspersky Industrial Cybersecurity Conference 2019 takes place this week in Sochi, the seventh such conference dedicated to the problems of industrial cybersecurity. Among other things, the conference will address the security of automation systems in buildings — industrial versions of the now common smart home. Typically, such a system consists of various sensors and controllers to manage elevators, ventilation, heating, lighting, electricity, water supply, video surveillance, alarm systems, fire extinguishing systems, etc.; it also includes servers that manage the controllers, as well as computers of engineers and dispatchers. Such automation systems are used not only in office and residential buildings, but in hospitals, shopping malls, prisons, industrial production, public transport, and other places where large work and/or living areas need to be controlled.

We decided to study the live threats to building-based automation systems and to see what malware their owners encountered in the first six months of 2019.

Malware and target systems

According to KSN, in H1 2019 Kaspersky products blocked malicious objects on 37.8% of computers in building-based automation systems (from a random sample of more than 40,000 sources).

It should be mentioned right away that most of the blocked threats are neither targeted, nor specific to building-based automation systems. In other words, it is ordinary malware regularly found on corporate networks unrelated to automation systems. This does not mean, however, that such malware can be ignored — it has numerous side effects that can have a significant impact on the availability and integrity of automation systems, from file encryption (including databases) to denial of service on network equipment and workstations as a result of malicious traffic and unstable exploits. Spyware and backdoors (botnet agents) pose a far greater threat, since stolen authentication data and the remote control it provides can be used to plan and carry out a targeted attack on a building’s automation system.

What are the threats of a targeted attack? First off, there is disruption of the computers that control the automation systems, and subsequent failure of the systems themselves, since not all of them are totally autonomous. The result may be a disruption of the normal operation of the building: electricity, water, and ventilation are likely to continue to work as before, but there may be problems with opening/closing doors or using elevators. There may also be problems with the fire extinguishing system, for example, a false alarm or, worse, no signal in the event of a fire.
...

Continue Reading