To infiltrate the network of a big oil company, hackers found a Chinese restaurant that was popular with that company’s employees, then infected the online menu with malware. This is the kind of thing that makes people seriously consider living in a log cabin in the woods.
The menu operation is just one example of hackers’ modern-day tactics and exploits, reported the New York Times.
From heating and ventilation systems to printers and even vending machines, hackers utilize unconventional methods to reach corporate targets. The first breach in the notorious Target hack of last year, for example, was conducted through the heating and cooling systems. Hackers and security researchers alike have learned that interconnected networks are the weakest point in corporate security systems.
Last year, security researchers found a way into Google’s headquarters in Sydney, Australia, and Sydney’s North Shore Private hospital—and its ventilation, lighting, elevators and even video cameras—through their building management vendor. More recently, the same researchers found they could breach the circuit breakers of one Sochi Olympic arena through its heating and cooling supplier. Fortunately, the researchers were merely testing for flaws that could have been exploited by real hackers.
The problem is, those third-party services—vending machines, heating systems, etc.—are interconnected with the more crucial systems like billing and HR in many companies, but they’re not subject to the same security standards. If a hacker can access one of those systems (which usually run on older operating systems like Windows XP), they can use it as a gateway to gain entrance into more secure networks.
Separating the networks could solve a huge chunk of this issue for corporations, but it won’t help anything if the security teams continue to fall asleep at the wheel.
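Whether the networks really are separated can be checked against flow logs. The sketch below is an added example, not part of the original article: it flags traffic from a facilities segment (heating, vending, printers) into the segment holding billing and HR unless the flow is on an explicit allow-list. The zone ranges, the allow-list entry and the flow records are all constructed assumptions.

```python
import ipaddress

# Constructed zone map (assumed addressing, not from the article).
ZONES = {
    "facilities": ipaddress.ip_network("10.50.0.0/16"),  # HVAC, vending, printers
    "corporate": ipaddress.ip_network("10.10.0.0/16"),   # billing, HR
    "mgmt": ipaddress.ip_network("10.99.0.0/24"),        # patching, monitoring
}
UNTRUSTED = {"facilities"}   # vendor-managed, weaker security standards
SENSITIVE = {"corporate"}    # systems that must not be reachable from UNTRUSTED

# Explicitly approved cross-zone flows: (source zone, destination IP, port).
ALLOWED = {("facilities", "10.10.5.20", 443)}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.50.1.12", "10.10.5.20", 443),   # approved flow
    ("10.50.1.12", "10.10.7.8", 445),    # facilities host to a corporate file share
    ("10.50.3.40", "10.10.5.20", 3389),  # approved host, unapproved port
    ("10.50.3.40", "10.99.0.5", 8530),   # facilities to mgmt, not a sensitive zone
    ("10.10.2.2", "10.50.1.12", 80),     # corporate to facilities, other direction
    ("10.50.1.12", "203.0.113.9", 443),  # facilities to an external address
]


def zone_of(ip):
    """Return the name of the zone containing ip, or 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def segmentation_violations(flows):
    """List flows from an untrusted zone into a sensitive zone that are not allow-listed."""
    hits = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if (src_zone in UNTRUSTED and dst_zone in SENSITIVE
                and (src_zone, dst, port) not in ALLOWED):
            hits.append((src, dst, port, f"{src_zone}->{dst_zone}"))
    return hits


if __name__ == "__main__":
    for hit in segmentation_violations(SAMPLE_FLOWS):
        print("segmentation violation:", hit)
```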
Illustration by Jason Reed