⚡ Building Systems Under Attack
Fines, leaks, and hacks—key cyber updates
Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.
This Week’s Cyber Insights
The Royal Institution of Chartered Surveyors identifies cybersecurity as one of the biggest threats to building owners, with new research revealing alarming increases in successful attacks on commercial properties.
- 27% of UK facilities managers reported cyber attacks in the last 12 months (up from 16%—a 69% increase)
- Targets include BMS, CCTV networks, IoT devices, access control, HVAC, and energy management systems
- Many buildings use Windows 7 (unsupported for 5+ years) despite opening as recently as 2013
- Attacks threaten insurance coverage, building value, regulatory compliance, and operational continuity
- RICS published 5-point action plans for owners, managers, occupiers, and governments
🤔 The Bigger Picture:
This surge validates the urgent need for comprehensive smart building security strategies. Facility managers can no longer treat cybersecurity as an IT problem—it's fundamental to building operations, tenant safety, and asset value preservation.
Nozomi Networks discovered 13+ vulnerabilities in Tridium's Niagara Framework—used in HVAC, lighting, energy management, and security systems—enabling network attackers to achieve complete system compromise.
- Thirteen vulnerabilities — NIST’s National Vulnerability Database lists several with CVSS scores up to 9.8 (“Critical”), whereas Honeywell / Tridium’s May bulletin SB‑2025‑Tridium‑1 rates the same issues between 4.1 and 7.7 (“Medium–High”).
- CVE-2025-3943 + CVE-2025-3944 exploit chain enables root-level remote code execution
- Attackers intercept anti-CSRF tokens, steal admin sessions, create backdoor users, and extract TLS certificates
- Framework manages devices from multiple manufacturers across building management and industrial automation
- Fixed in Niagara Framework versions 4.14.2u2, 4.15.u1, or 4.10u.11
🤔 The Bigger Picture:
Niagara's widespread deployment in critical building systems makes these vulnerabilities particularly dangerous for facility operations. Organizations must immediately patch and review hardening configurations, as compromise could enable attackers to control HVAC, security, and safety systems across entire facilities.
New Gigamon research reveals 59% of security leaders report tangible increases in AI-orchestrated cyberattacks, with adversaries leveraging machine learning algorithms to automate data gathering, pattern recognition, and campaign planning across attack lifecycles.
- AI-powered attacks now span advanced phishing, smishing, and ransomware using deepfakes, polymorphic malware, and real-time network exploitation techniques
- Unsupervised learning algorithms analyze massive datasets from social media, public records, and dark web sources to exploit vulnerabilities more efficiently than traditional methods
- Hong Kong finance professional deceived into transferring $25 million after video call with AI-generated deepfakes impersonating company CFO and colleague
- Polymorphic malware like LummaC2 Stealer mutates with each infection, slipping past signature-based defenses while AI accelerates exploitation of hybrid cloud infrastructures
- Attackers use AI to fragment exfiltrated data, mimic benign protocols, and rotate command-and-control infrastructures, requiring encrypted traffic analysis and behavioral baselining for detection
🤔 The Bigger Picture:
AI-powered attacks fundamentally change building security dynamics as smart building systems become prime targets for automated reconnaissance and lateral movement. Facility managers must implement AI-driven defenses, ensure visibility across building networks, and recognize that traditional security approaches are insufficient against adaptive ML-based threats targeting operational technology.
Further Alerts & Insights
🤖 AI vs AI: The New Cybersecurity Arms Race
NY Times analysis reveals an AI-powered cybercrime surge, with phishing attacks increasing 40-fold since the ChatGPT launch. While criminals use AI for deepfakes and malware generation, defenders deploy algorithms to analyze millions of network events per second, creating an automated cat-and-mouse game moving at machine speed.
⚡ Con Edison Deputy CISO: IT and OT Security Worlds Converging
Carmine Valente discusses how cloud evolution and OT internet connectivity are merging traditionally separate security domains. Critical infrastructure faces convergent threats as ransomware, supply chain attacks, and AI-enhanced threats now target both IT and operational technology environments simultaneously.
💻 UNC3944 Targets VMware Infrastructure with Hypervisor-Level Attacks
Scattered Spider-associated group launches sophisticated campaigns against vSphere environments using social engineering and "living-off-the-land" tactics. Attackers bypass traditional EDR by operating at hypervisor level, extracting NTDS.dit databases offline before ransomware deployment.