Tuesday, July 29, 2014

Malware Can Hide in the Most Obvious Places

You never know when malware will bite. Even browsing an online restaurant menu can download malicious code, put there by hackers.

Much has been said that Target’s hackers accessed the giant’s records via its heating and cooling system. They’ve even infiltrated thermostats and printers among the “Internet of Things”.
It doesn’t help that swarms of third parties are routinely given access to corporate systems. A company relies upon software to control all sorts of things like A/C, heating, billing, graphics, health insurance providers, to name a few.
If just one of these systems can be busted into, the hacker can crack ‘em all. The extent of these leaky third parties is difficult to pinpoint, namely because of the confidential nature of the breach resolution process.

A New York Times online report points out that one security expert says that third party leaks may account for 70 percent of data breaches, and from the least suspected vendors, at that.
When the corporation’s software remotely connects to all those other things like the A/C, vending machines, etc., this is practically an invitation to hackers. Hackers love this “watering hole” type crime , especially when corporations use older systems like Windows XP.
Plus, many of the additional technological systems (such as videoconference equipment) often come with switched-off security settings. Once a hacker gets in, they own the castle.
The New York Times online report adds that nobody thinks to look in these places. Who’d ever think a thermostat could be a portal to cyber crime?

Security researchers were even able to breach circuit breakers of the heating and cooling supplier for a sports arena—for the Sochi Olympics.
One way to strengthen security seems too simple: Keep the networks for vending machines, heating and cooling, printers, etc., separate from the networks leading to H.R. data, credit card information and other critical information. Access to sensitive data should require super strong passwords and be set up with a set of security protocols that can detect suspicious activity.

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites