August 1, 2014
You never know when malware will bite. Just browsing an online restaurant menu can enable the download of malicious code by hackers.
Hackers gained access to retail giant Target's records through its heating and cooling system. They've even infiltrated thermostats and printers on the "Internet of Things."
It doesn't help that swarms of third parties are routinely given access to corporate systems. A company relies upon software to control all sorts of things — A/C, heating, billing, graphics, health insurance providers, to name a few.
If just one of these systems can be busted into, the hacker can crack 'em all. The extent of these leaky third parties is difficult to pinpoint, mainly because of the confidential nature of the breach resolution process.
In a New York Times online report, one security expert said that third-party leaks might account for 70 percent of data breaches, and from the least suspected vendors, at that.
When a corporation's software remotely connects to all those other things such as A/C, vending machines, etc., it's practically an invitation to hackers. Hackers love this "watering hole" type crime, especially when corporations use older systems like Windows XP.
Plus, many additional technological systems (such as video conference equipment) often come with switched-off security settings. Once a hacker gets in, they own the castle.
The New York Times online report said that nobody thinks to look in these places. Who'd ever think a thermostat could be a portal to cybercrime?
Security researchers were even able to breach circuit breakers of the heating and cooling supplier for a sports arena — for the Sochi Olympics.
One way to strengthen security seems too simple: Keep the networks for vending machines, heating and cooling, printers, etc., separate from the networks leading to HR files, credit card data and other critical information.
Additionally, access to sensitive data should require super-strong passwords, and should be set up with security protocols that can detect suspicious activity.
Robert Siciliano is an identity theft expert to AllClearID and the author of "99 Things You Wish You Knew Before Your Identity Was Stolen."