Hackers Are Sneaking Via Unlikeliest of Places, Try Vending Machines And Air Conditioning Units
The hacking community is getting innovative with their attempts to break into organizations which are otherwise heavily fortified.
In light of recent events it is now clear that hackers are really thinking outside the box and exploring alternative weak links to hack into a secure system. Quite recently these talented, yet ill–intentioned people chose to sneak into secure servers of a company via a Chinese restaurant that was popular with employees.
Unable to breach the computer network at a big oil company, hackers infused malware within the online menu of a Chinese restaurant the employees frequented. When the workers browsed the menu, they unknowingly downloaded malicious code. Once on the phone, the hackers had to merely wait for the devices to be hooked onto internal network to sneak their code further into the servers which were impregnable by a direct attack. Such a clever technique gave the attackers a foothold in the business’s vast computer network, without having to physically approach an internal terminal to send in the Trojan horse, reported NY Times.
Though the oil company has taken a serious note of the same and summoned security experts to address the issue, it isn’t divulging information for fear of its reputation. If this is not clever or scary enough, in a separate instance, hackers went completely off the books by tapping into the secure network via the Air-conditioning control systems. Hackers, who managed to demolish Target’s payment card data warehouse and gain access to the retailer’s records, did so by sneaking through its heating and cooling system, reported KrebsonSecurity.
These incidents clearly indicate that companies scrambling to seal up their systems from hackers and government snoops are forced to look in the unlikeliest of places for vulnerabilities. Such cases will only increase in the complexities owing to the fact that many frivolous systems are routinely hooked to the primary network either due to budgetary constraints or sheer negligence. Needless to say such non critical services are often poorly protected and can be easily crippled.
“The beauty is no one is looking there. So it’s very easy for the adversary to hide in these places.” said George Kurtz, the Chief Executive of Crowdstrike, a security firm.
As more and more systems become internet and network connected, it is rightly feared that this problem will grow in complexity.
[Image Credit | sevacall]