Pierluigi Paganini
November 09, 2016
What does a DDoS with everyday life? The recent attack against the Dyn DNS service powered by an IoT botnet demonstrated the weakness of modern society to cyber threats.
Anyway, to better explain this strong dependency to a no tech-savvy it could be useful to share the news that I’m going to tell you.
The residents in two apartment buildings in Lappeenranta, Finland, had faced more that a week of serious problem due to a DDoS attack that targeted the building control systems.
The cyber attack targeted the building management systems and halted the heating distribution. The systems were isolated from the Internet and the systems went into an endless loop of reboot attempts trying to reestablish a normal situation.
“A Distributed Denial of Service (DDoS) attack halted heating distribution at least in two properties in the city of Lappeenranta, located in eastern Finland. In both of the events the attacks disabled the computers that were controlling heating in the buildings.” reported the news outlet Metropolitan.fi.
The equipment that was targeted in the attack was built by the company Fidelix whom representative Antti Koskinen confirmed other similar attacks hit systems in the country.
The apartments are managed by a company called Valtia, Simo Rounela, CEO of the company told Etelä-Saimaa the DDoS attack hit the building management systems.
I believe that we cannot underestimate such kind of incidents, building management systems are an easy target for cyber criminals and hackers. It is quite easy to locate Web-based HMI/SCADA for building automation and other systems for the building control that are exposed online. Searching engines like Shodan and Censys allow locating online any kind of computer systems providing to the attackers useful information to power a cyber attack.
In many cases, building control systems are not properly configured and there aren’t specific measures in place to protect them.
Consider also that it is very easy and cheap to power a DDoS attack today, the criminal underground is plenty of actors that offer DDoS botnet for rent and any other kind of booter software.
The Valtia company published an official announcement to confirm the attack and highlighted that the risks for such kind of attacks in the area.
“The local newspaper Etelä-Saimaa was a story last week, a denial of service attack on the real estate automation systems.
Similar attacks are easy to fend off a firewall or any other security solution. In this case, the possible attacks to stop and the actual control system continues to operate normally. the existing systems behind a firewall does not even tend to attack, so the situation will improve in that respect.” says Valtia.
At the same time discussions had commented that the reason why sys systems must be connected to the network at all? Here are a couple examples of customer:
-. Alarms
Over 90% of the area of terraced houses or larger buildings will not send an alarm at the moment, even if the heat is switched off or radiator pressure disappears. In this case, the damage will increase, repair time will increase and costs rise
– Management.
The systems must be actively monitored and adjusted. Some of this work can be done via a computer remotely, such as temperature setpoints and ventilation controls. In still must still happen, but rarely. This brings direct savings in costs and speed up considerably the work. Sometimes the destination can not be more than 100 kilometers from the maintenance office”
The incident highlights the importance of the proper management of building control systems with particular concern for their cyber security. These systems have to be properly configured and their software continually upgraded in order to fix security vulnerabilities discovered across their lifecycle.
“Building maintenance specialist Sami Orasaari confirms that building automation security is often neglected. Many housing companies or private owners do now want to invest in network firewalls and that security in general tends to be lax. In this case the devices targeted were attacked because they’ve been found to be vulnerable and the attackers have scanned network to find more of them.” reported the metropolitan.fi.
“The cause of the issues were not apparent to regular maintenance task, because they have little or no training related to network attacks against the systems they routinely operate. The attack comes following a series of attacks done using so-called Internet of Things (IoT) devices.”
[adrotate banner=”9″]
(Security Affairs – building control systems , hacking)
