You never know when malware will bite. Even browsing an online
restaurant menu can download malicious code, put there by hackers.
Much has been said that Target’s hackers
accessed the giant’s records via its heating and cooling system.
They’ve even infiltrated thermostats and printers among the “Internet of
Things”.
It doesn’t help that swarms of third parties are
routinely given access to corporate systems. A company relies upon
software to control all sorts of things like A/C, heating, billing,
graphics, health insurance providers, to name a few.
If just one
of these systems can be busted into, the hacker can crack ‘em all. The
extent of these leaky third parties is difficult to pinpoint, namely
because of the confidential nature of the breach resolution process.
A New York Times online report
points out that one security expert says that third party leaks may
account for 70 percent of data breaches, and from the least suspected
vendors, at that.
When the corporation’s software remotely
connects to all those other things like the A/C, vending machines, etc.,
this is practically an invitation to hackers. Hackers love this
“watering hole” type crime , especially when corporations use older
systems like Windows XP.
Plus, many of the additional
technological systems (such as videoconference equipment) often come
with switched-off security settings. Once a hacker gets in, they own the
castle.
The New York Times online report adds that nobody thinks to look in these places. Who’d ever think a thermostat could be a portal to cyber crime?
Security
researchers were even able to breach circuit breakers of the heating
and cooling supplier for a sports arena—for the Sochi Olympics.
One
way to strengthen security seems too simple: Keep the networks for
vending machines, heating and cooling, printers, etc., separate from the
networks leading to H.R. data, credit card information and other
critical information. Access to sensitive data should require super
strong passwords and be set up with a set of security protocols that can
detect suspicious activity.
Tuesday, July 29, 2014
Malware Can Hide in the Most Obvious Places
5:53 AM
Unknown