A recent article by American Security Researcher Stephen Cobb, highlights the latest cybersecurity threat for businesses Worldwide – Seigeware. Another tactic to add to cybercriminals’ repertoire. Siegeware is where a buildings’ technology is hacked into, and is a very real threat for a growing number of businesses.

You are the person in charge of operations for a property company that manages a dozen buildings in a number of cities. What would you do if you got the following text on your phone?

“We have hacked all the control systems in your building at 400 Main Street and will close it down for three days if you do not pay $50,000 in Bitcoin within 24 hours.”

As with other forms of cybercrime, you are backed into a corner where the only option for release is to pay the ransom.

What’s the risk for your business?

‘Control systems’ also known as Building Automation Systems (BAS) or Building Management Systems (BMS) remotely manage various elements of a building from air conditioning and heating to fire alarms and security systems. So you can imagine, if someone hacked into these systems they could cause real disruption to the building and its occupants.

How can you minimise the risk?

• Segregate the networks that each system uses
• Only allow access to users that require access (principle of least privilege)
• Ensure that any security patches are applied as soon as possible
• Keep a maintenance contract with the supplier, that requires them to update software
• Do not connect BAS/BMS systems to the internet unless necessary

Still concerned?

You may not use any remotely controlled software currently and think that this is irrelevant to you but with the speed of which technology is progressing it won’t be long until all businesses will be using some form of BAS/BMS. Get in touch with us today and we can review your systems and put in place defensive strategies to best protect your business from seigeware attacks.

https://www.welivesecurity.com/2019/02/20/siegeware-when-criminals-take-over-your-smart-building/