Finnish news website Etelä-Saimaa is reporting that a DDoS attack on the internet-connected building management system of two tower blocks in the district of Lappeenranta, Finland, had taken their building management systems offline for three days.
The primary systems affected were the heating and water systems. With temperatures in Finland below freezing, disruption in the heating could cause both material damage as well as force residents to relocate.
The building, managed by property management company Valtia, had its internet connection blocked by the attack, which meant the building management system kept rebooting itself in an attempt to reconnect to the internet. As a result, the building was not able to supply heating into the building because it was not able to start the relevant systems.
A post on Valtia's website (in Finnish) explained that the systems were connected to the internet for safety and management reasons. The system is designed to alert the property management company if there are discrepancies in temperature or radiator pressure. If the data couldn't be sent, the system would shut down to prevent potential damage.
The company can also remotely manage the heating systems which “brings direct savings in costs and speed up considerably the work”.
Speaking with news website Etelä-Saimaa (Finnish), Simo Rounela, CEO of Valtia said the attack started around noon on Tuesday 1 November and ended on Thursday afternoon.
Another Finnish news outlet, Helsingin Sanomat, which blamed the Mirai botnet for the attack, also spoke with Rounela (Finnish) who said the attack was brought to a standstill by installing a firewall to limit network traffic.
Fidelex, who built the systems, told Finnish news outlet Metropolitan.fi (English) that it's seeing similar incidents around the country.Metropolitan.fi wrote, “Building maintenance specialist Sami Orasaari confirms that building automation security is often neglected. Many housing companies or private owners do not want to invest in network firewalls and that security in general tends to be lax. In this case the devices targeted were attacked because they've been found to be vulnerable and the attackers have scanned networks to find more of them.”