In one of the strangest smart grid hacker attacks ever, cybercriminals managed to penetrate the thermostats of a state government facility and a manufacturing plant in New Jersey. The Homeland Security Department’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) made the disclosure in a newsletter published last week. According to ICS-CERT, hackers exploited vulnerabilities in industrial heating systems that were connected to the internet, and then changed the temperature inside the buildings. Both heating systems were found through Shodan, a search engine for devices connected to the internet. The attacks took place in early 2012 and utilized a flaw (later fixed) in Tridium’s building management software.
“This latest attack on Tridium’s building-management software is another example of how hackers are targeting the software supply chain to indirectly compromise the physical and IT infrastructures of businesses. […] In the past, many organizations relied on independent software vendors to test for vulnerabilities in their code base. However, as cyber-attacks increase, we expect organizations to go further and have applications tested by third-party service providers prior to their procurement and deployment,” Torsten George of IT risk management firm Agiliance told Fast Company.