Rising Threats to Industrial and Building Automation Systems: A 2024 Cybersecurity Report

2025-02-06

In 2024, cybersecurity firm Forescout released its annual Threat Roundup, providing a stark picture of the growing vulnerabilities in industrial and building automation systems. While industrial automation protocols have long been a favorite target for cyberattacks, the report highlights a significant rise in threats directed at building automation systems. This shift is concerning, as it reveals an evolving attack landscape that requires heightened awareness from industries reliant on these systems.

The Forescout 2024 report is based on data gathered from their honeypots throughout the year, capturing incidents such as port scanning, brute force attempts, and exploitation of known vulnerabilities. The study emphasizes the increasing trend of cyberattacks targeting operational technology (OT), with a special focus on automation protocols. These attacks are not only exploiting well-known vulnerabilities but are also targeting emerging building automation protocols that were previously under the radar.

Forescout found that while industrial automation protocols like Modbus and Ethernet/IP continue to bear the brunt of OT attacks, building automation is rapidly catching up, reflecting an alarming trend in the convergence of threats across both sectors. Protocols for industrial automation systems accounted for 79% of attacks, while building automation now represents 9% of the total—up significantly from just 1% in 2023.

Among the most targeted OT protocols, Modbus saw a rise from 33% to 40%, followed by Ethernet/IP, which grew from 19% to 28%. However, protocols like DNP3 and Step7 experienced a decrease in attack frequency, from 18% to 8% for both.

Forescout’s findings also suggest that attackers are increasingly leveraging vulnerabilities outside of CISA’s Known Exploited Vulnerabilities (KEV) catalog, with 73% of exploited vulnerabilities not listed in the KEV catalog, a notable increase from 65% in 2023. The vulnerabilities span products from various vendors, including ABB, Honeywell, Schneider Electric, and more, highlighting a broader range of threats in OT and industrial IoT ecosystems.

What Undercode Says:

The sharp rise in attacks on building automation systems is a key highlight of Forescout’s report. While industrial protocols have long been a primary focus for cybercriminals, the rapid increase in targeting building automation systems signals a shift in the landscape of cyber threats. This shift can be attributed to several factors, including the increased reliance on smart building technologies, more connected systems, and the growing integration of OT with IT networks, making them more vulnerable to cyberattacks.

Building automation systems, such as those managing HVAC, lighting, and security, are no longer isolated in physical infrastructures. As these systems increasingly become digitized and interconnected, they present a valuable target for threat actors who can exploit weak points in their protocols and security measures. Forescout’s observation that attackers are beginning to exploit vulnerabilities in building automation protocols, rather than relying solely on traditional vulnerabilities, underscores a broader trend of sophistication in attack strategies.

One key observation from the report is the rise in attacks exploiting vulnerabilities that have not been cataloged in CISA’s KEV list. This points to a gap in public knowledge of critical vulnerabilities, with many manufacturers and software vendors still slow to patch known issues or failing to disclose them in a timely manner. As cybersecurity teams often rely on the KEV list to prioritize patching and defense, the increasing frequency of exploited vulnerabilities outside this list poses a significant risk.

What’s equally concerning is that these attacks on building automation systems are happening at a time when their vulnerabilities are becoming more publicized. The example of ABB’s widely used building control product, which contains over 1,000 vulnerabilities, shows that even trusted brands are not immune to security flaws. This highlights the importance of not just patching existing systems but proactively assessing their security postures and anticipating new threats before they materialize.

The increased activity around building automation protocols also suggests that threat actors are diversifying their attack strategies. While protocols such as Modbus and Ethernet/IP continue to see the bulk of attacks, the expansion into newer protocols reflects a strategy of broadening the attack surface. As building automation systems grow in number and complexity, attackers are leveraging automation tools, such as botnets, to exploit these systems more efficiently. This is particularly dangerous because it reduces the response time available to security teams to detect and mitigate such attacks.

Moreover, the rise in attacks targeting both industrial and building automation systems emphasizes the growing convergence between these two domains. As industrial IoT devices become more integrated with enterprise IT networks, their exposure to the internet increases, and so does the risk of cross-sector vulnerabilities. This interconnectedness presents a perfect storm for attackers, who can use one compromised system as a stepping stone to launch attacks on others.

Ultimately, the Forescout report serves as a wake-up call to organizations managing OT and building automation systems. The sophistication of today’s threat actors means that simple security measures are no longer enough. To stay ahead of the curve, organizations must adopt a comprehensive cybersecurity strategy that includes regular patching, vulnerability scanning, and a proactive approach to monitoring emerging threats.

The alarming trends highlighted in the report also point to the need for increased collaboration between cybersecurity teams, system manufacturers, and regulatory bodies. With cyberattacks becoming more complex and widespread, industry stakeholders must work together to build a robust defense against evolving threats. The goal should not just be to protect individual systems, but to secure the entire ecosystem of connected devices that power both industrial and building automation environments.

In conclusion, the cybersecurity landscape for OT is shifting. Building automation systems are no longer an afterthought, and organizations need to treat them with the same urgency as industrial automation systems. The rise in attacks on both sectors highlights the need for a proactive, interconnected defense strategy that anticipates future threats before they turn into catastrophic breaches.

References:

Reported By: https://www.securityweek.com/building-automation-protocols-increasingly-targeted-in-ot-attacks-report/