⚡Are Your Building Systems Under AI Attack?
Fines, leaks, and hacks—key cyber updates
Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.
This Week’s Cyber Insights
The cybersecurity battlefield has fundamentally shifted as artificial intelligence becomes both the ultimate weapon and the last line of defense. Global cybercrime costs are projected to hit $10.5 trillion annually by 2025, with AI-driven attacks accounting for an unprecedented surge in sophisticated threats targeting critical infrastructure.
- Ransomware attacks now represent 59% of all cyber incidents, with AI enabling hyper-realistic phishing campaigns
- The manufacturing sector experienced a 56% year-over-year increase in ransomware attacks in early 2024
- Geopolitical tensions have led 97% of organizations to report heightened cyber threats since the Russia-Ukraine conflict began
- Average data breach cost reached $4.88 million in 2024—a 10% increase from 2023
- 100% of financial services firms now plan to adopt AI-driven cybersecurity tools by the end of 2025
🤔 The Bigger Picture:
AI creates a stark paradox—it enables both more sophisticated attacks and more powerful defenses, making building automation systems simultaneously more capable and more vulnerable. Organizations must embrace AI-driven cybersecurity tools now or face existential threats from attackers who already have.
Despite growing cyber threats targeting operational technology, most industrial organizations remain stuck using outdated risk models designed for legacy systems rather than today's interconnected infrastructure. The responsibility for OT cybersecurity is shifting from control engineers to CISOs, creating dangerous cultural friction that attackers are exploiting.
- Legacy OT environments dominate, with proprietary protocols and limited patching capabilities
- IT departments often lack authority in OT environments despite having cybersecurity responsibility
- Fewer than 80% of organizations have developed comprehensive OT security metrics
- Most CISOs lack deep OT fluency, creating resistance from operations teams
- Critical visibility gaps persist as many organizations fail to understand east-west traffic patterns in industrial networks
🤔 The Bigger Picture:
The cultural divide between safety-focused OT teams and security-focused IT teams creates dangerous blind spots that attackers exploit. Smart building operators must bridge these cultures through cross-functional governance that treats cybersecurity as an operational enabler, not a barrier.
A new report reveals that three-quarters of organizations have building management systems (BMS) affected by known exploited vulnerabilities, with 51% of those systems also linked to ransomware threats and insecurely connected to the internet. The findings expose a massive blind spot in critical infrastructure security as smart buildings become increasingly connected without adequate cybersecurity controls.
- 2% of BMS devices operate at the highest level of risk exposure, containing vulnerabilities actively exploited by threat actors
- Many BMS still use default or hardcoded credentials, making unauthorized access trivial for attackers
- Legacy building systems communicate using protocols that don't natively support encryption
- Over half of organizations use four or more remote access tools, with some using as many as 16 different solutions
- Vendors often lack multi-factor authentication on remote access tools used for building system maintenance
🤔 The Bigger Picture:
HVAC systems, elevators, and security controls in commercial buildings are operating with exploitable vulnerabilities that ransomware groups actively target. Facility managers must treat building automation systems as critical infrastructure requiring the same security rigor as IT networks.
Further Alerts & Insights
⚡ AI Development Creates New Security Blind Spots in Infrastructure
Security experts warn that AI-assisted development is pulling in hundreds of dependencies at unprecedented speed, creating massive blind spots in software stacks powering critical building systems. Current AppSec tools struggle to identify vulnerabilities in AI-generated code, while developers increasingly trust AI-generated deployment scripts without understanding the underlying security implications for infrastructure systems.
🏛️ Policymakers Warn of CISA Resource Gaps Amid AI Threat Evolution
Rep. Eric Swalwell and former Rep. Will Hurd highlighted critical cybersecurity infrastructure gaps at an Axios event, warning that phishing attacks have increased 4,000% since ChatGPT's introduction. With CISA facing job cuts and lacking Senate-confirmed leadership, officials expressed concern about the agency's ability to coordinate "shields-up" responses to escalating nation-state threats from Iran, China, and Russia.
💻 Major IT Distributor Ingram Micro Hit by SafePay Ransomware
Global technology distributor Ingram Micro confirmed a ransomware attack that began Thursday morning, forcing the shutdown of internal systems including its AI-powered Xvantage distribution platform and Impulse license provisioning system. The SafePay ransomware group, active since November 2024 with over 220 victims, reportedly breached the company through its GlobalProtect VPN platform using compromised credentials.
🇨🇳 Chinese Hackers Exploit Ivanti Zero-Days Against French Critical Infrastructure
French cybersecurity agency ANSSI revealed that Chinese threat group Houken exploited three zero-day vulnerabilities in Ivanti Cloud Services Appliance devices to target government, telecom, media, finance, and transport sectors. The attackers deployed sophisticated rootkits and web shells, then attempted to patch the vulnerabilities to prevent other threat actors from exploiting the same systems, demonstrating advanced operational security practices.