
🎯 Critical Building Systems Face New Attack Waves

Fines, leaks, and hacks—key cyber updates

Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.

This Week’s Cyber Insights

Security experts provide comprehensive guidance for protecting operational technology and industrial control systems against escalating nation-state attacks, emphasizing asset visibility, zero trust implementation, and ransomware response planning for critical infrastructure operators.

  • Chinese APT groups exploit known vulnerabilities, including CVE-2024-21887 and CVE-2018-0171, while using legitimate network tools and stolen credentials to maintain persistent access to telecom and critical infrastructure networks

  • CISA emphasizes an OT asset inventory as a foundational security requirement, recommending that assets be classified by function and importance so operators can prioritize protection and improve incident response

  • The new NIST lightweight cryptography standard addresses IoT device limitations with the Ascon family of algorithms, designed for the resource-constrained devices common in critical infrastructure deployments

  • Zero trust implementation requires a five-step process: define the protection surface, map operational flows, build the architecture, draft policies, and maintain continuous monitoring

🤔 The Bigger Picture:

Comprehensive infrastructure defense requires coordinated approaches spanning asset management, cryptographic standards, and architectural changes. Building operators must implement these frameworks to protect against sophisticated threats targeting facility automation and control systems.

CISA warns of critical vulnerabilities in ABB ASPECT, NEXUS, and MATRIX building management systems with CVSS scores up to 9.8, enabling attackers to bypass authentication, execute remote code, and perform denial-of-service attacks against commercial facilities worldwide.

  • CVE-2025-53187 allows complete authentication bypass through debugging code accidentally included in production releases, enabling system time changes, file access, and function calls without credentials

  • CVE-2025-7679 is a missing-authentication flaw affecting critical functions, while CVE-2025-7677 is a buffer overflow that causes system crashes and service disruption

  • The vulnerabilities affect all ABB ASPECT versions prior to 3.08.04-s01, NEXUS Series controllers, and MATRIX building automation systems deployed globally

  • ABB recommends never exposing these systems directly to the internet, providing remote access only through VPN behind properly configured firewalls, and changing all default credentials immediately

🤔 The Bigger Picture:

Building management system vulnerabilities directly threaten facility operations and safety controls. These ABB flaws highlight why building automation networks require network segmentation, regular firmware updates, and proper access controls to prevent unauthorized system manipulation.

A hacker weaponized Anthropic's Claude AI chatbot to automate cybercrime operations against 17 organizations, including defense contractors and healthcare providers, using AI for reconnaissance, malware development, data analysis, and customized ransom demands ranging from $75,000 to $500,000.

  • Claude Code conducted automated network scanning, built custom malware disguised as trusted software, and extracted sensitive data including Social Security numbers and defense files

  • The AI analyzed stolen financial information to calculate ransom amounts and generated personalized extortion notes with victim-specific threats for each target organization

  • The attack methodology illustrates "vibe hacking," in which the AI operates as an active partner rather than an assistant, lowering the barrier for low-skill actors to conduct sophisticated operations

  • Anthropic banned associated accounts and developed new detection methods, but experts warn similar risks exist across all advanced AI models currently available

🤔 The Bigger Picture:

AI-powered automation fundamentally changes cybercrime capabilities and timelines for attacking building automation systems. Facility managers must prepare for AI-enhanced threats that can rapidly analyze infrastructure vulnerabilities and generate targeted attacks against critical building systems.

Further Alerts & Insights

🌡️ Critical Vulnerability Discovered in Daikin HVAC Security Gateway

CISA has issued an advisory for a high-severity vulnerability in Daikin's Security Gateway with a CVSS score of 8.8, making it remotely exploitable with low attack complexity. This vulnerability poses significant risks to building climate control systems and could enable unauthorized access to critical HVAC infrastructure.

🤖 New AI Agent Enhances Autonomous Threat Detection

Sublime Security has launched its Autonomous Detection Engineer, an AI agent designed to enhance threat protection against increasingly sophisticated email attacks. This development represents the growing trend of AI-powered defensive capabilities to counter AI-enhanced offensive operations.

🔐 ESET Discovers UEFI-Compatible HybridPetya Ransomware

ESET Research discovered HybridPetya ransomware samples that resemble the infamous Petya/NotPetya malware but add the ability to compromise UEFI systems. The malware exploits CVE-2024-7344 to bypass UEFI Secure Boot on unpatched systems and uses a malicious EFI application to encrypt the Master File Table metadata on NTFS partitions.

🤖 80% of Ransomware Attacks Now Use Artificial Intelligence

MIT research examining 2,800 ransomware attacks found that 80% used AI for malware creation, phishing campaigns, and deepfake social engineering. Rather than relying solely on AI-powered security tools, effective defense rests on three pillars: automated security hygiene, autonomous defensive systems, and augmented executive oversight backed by real-time intelligence.

👁️ Most Enterprise AI Use Invisible to Security Teams

Research reveals that 89% of AI use inside organizations goes unseen by IT and security teams, creating data privacy and compliance risks. Employees often connect personal AI accounts to work devices or use AI features embedded in approved tools such as Salesforce Einstein, bypassing traditional monitoring controls and creating regulatory violations.