Hackers are Hijacking Vulnerable Smart Building Access Systems to Launch DDoS Attacks
Attackers are hijacking vulnerable smart building access systems and using them to launch distributed denial-of-service (DDoS) attacks. There has been increased scanning for Nortek Security & Control (NSC) Linear eMerge E3 systems that are vulnerable to a known critical command injection flaw.
Back in late 2013, SANS held an Internet of Things Security Summit where we pointed out smart building systems as the most likely future attack path for real business damage, vs. other attacks. The growth of commercial real estate being developed with wired and wireless networks built in, and with elevator, HVAC systems on the network with remote access to all those systems means many companies are putting their internal systems onto building networks that are being run quite often at very low levels of security hygiene.