Finnish residents left literally in the cold as DDoS directed against building heating
Apartment occupants in at least two building in the city of Lappeenranta (located in eastern Finland) found themselves shivering as a DDoS directed at computers controlling the heating left them in the cold.
Valtia has been identified as the company charge of managing the buildings overall operation and maintenance. Per Valtia CEO, Simo Rounela, in both cases the systems that controlled the central heating and warm water circulation were temporarily disabled.
The systems that were attacked tried to respond to the attack by rebooting the main control circuit. This was repeated over and over so that heating was never working.
At this time of the year temperatures in Finland are below freezing and a long-term disruption in heat will cause both material damage as well as the need to relocate residents elsewhere.
Just a couple of month ago, an article (here) by Benjamin Freas in Forbes discussed the issue of protecting corporate building networks from cyber-attacks. Freas pointed out some of the potential ramifications of a cyber-attack against BAS. Not sure he was thinking about a DDoS directed against the heating system, but the idea is definitely similar.
For several years, information technology (IT) and operational technology (OT) have been converging. In commercial buildings, building automation systems (BASs) are trending toward more IT integration as building owners and facility managers see the value the technology creates. However, this increasing connection and interconnection of building systems also exposes them to malicious attacks from cyber criminals.
Should companies really worry about the impact of a breached BAS network? It seems like the worst that a hacker could do is turn off the lights. Of course, in critical facilities (such as hospitals and data centers), disruption in building conditions can have direct operational impacts. But the threat is greater than that. A cyber security breach launched through a building management system (BMS) or BAS can also compromise the integrity and security of corporate networks that are operating within the building.
More Here [Metropolitan]