How Ransomware Attacks Might Affect Smart Buildings

Ransomware has become a decidedly ‘trendy’ cyber-attack topic for the media to cover. We looked at it ourselves earlier this year too, in our post on ‘how to deal with ransomware’. In it, we discussed how this particular form of cybercrime can affect people, and what is at risk. We touched on the turmoil that hackers have caused in hospitals and schools, as well as how businesses should look to educate their staff on preventative measures.

That was looking at ransomware from an individual’s perspective, from the domestic user who has their data files locked away, to businesses who are held to ransom for access to their servers. In this post, we would like to look at how the Internet of Things (IoT) might mean that buildings, as well as simply computers, might become the target for ransomware.

In the 21st century, the introduction of ‘Smart Buildings’ is revolutionising the way that a business’ premises can be managed. A smart building is one where the buildings’ services, technology and energy systems become interconnected, allowing for automation, communication and generally more productive and streamlined in-house processes.

These are considered ‘intelligent’ buildings, ones that run and monitor themselves without the need for human intervention. A good example might be the heating system. Automation means that the heat of the building can be determined by outside temperatures. If cold, turn up; if hot, turn down. This means only the energy required is ever used and the building is more efficient as a result.

There are many positives to smart buildings, from reduction in energy use, to the scalability of network systems. As ever though, there are also great risks in terms of cybersecurity. When a whole building is connected via a single network, it means that whoever has access to that network can feasibly take control of the building. This is why we have come up with the hypothetical scenario below. Although something that hasn’t yet occurred, the more trust we put in technology without applying suitable protection, the more likely this particular situation is to happen.

Imagine in your smart building that the heating and ventilation system develops a vulnerability. For a hacker, this is direct access into the network of the building, and the ability to control those systems attached. Now that the hacker has access to the heating, they can turn it up to scorching levels and force the sprinklers to come on. Not only will this completely ruin all electrical equipment, it will also force an evacuation of the building by staff. This is where the ‘ransom’ portion comes in.

With the building deserted, and the hacker in control of the backbone of the system, they can now lock all doors to the building, preventing any personnel from entering. At this point, your building has effectively been ‘hijacked’, with entry systems down and no other way to get inside. This all can happen without the criminal even being present. You may think that at least your security officers will still be in the building. In this situation, the hacker might look to release gas through the ventilation, meaning for health and safety protocol, the building really does need to be deserted.

It is at this point a business or organisation may feel inclined to pay any ransom demanded of them, in order to regain access to their building and their own ‘smart’ systems. Incredibly expensive, and hugely damaging to a reputation, this is a simple example of exactly how dangerous Smart Building technology can be if not correctly secured.

At Digital Pathways, we know a thing or two about securing against a cyber-attack, whether on a single device or a series of buildings. If you have embraced the digital age and currently reside in a Smart Building office environment, then speak to us today and make sure you have the protection required to avoid ever having to pay to enter your own premises.

The Threat of Ex-employees in Digital Security
The Potential Risks of the Internet of Things in our Homes