A DDoS attack has knocked off the internet-connected building management system of two buildings in Lappeenranta, Finland for three days.

The attack was directed at the heating and water systems, and with temperatures below freezing, many of the residents were forced to relocate.

The system continued to reboot, but was unable to and therefore was unable to supply heat to the building. The buildings are under management by Valtia.

The system is internet connected so that Valtia can monitor the heating and water system and shut down if there are discrepancies to prevent potential damage.

The DDoS attack started on Tuesday 1 November and ended on Thursday afternoon. The attack is being blamed on the Mirai botnet and was rectified by installing a firewall on the system in order to limit network traffic.

Finnish news outlet Metropolitan.fi (English) wrote: “Building maintenance specialist Sami Orasaari confirms that building automation security is often neglected. Many housing companies or private owners do not want to invest in network firewalls and that security in general tends to be lax. In this case the devices targeted were attacked because they've been found to be vulnerable and the attackers have scanned networks to find more of them.”

Source: SCMagazine