A look into the recent Target hacking, a “watering hole attack,” and how today online security must be overly cautious.
The New York Times recently released an article discussing the recent developments
in online security threats and hacking. The article detailed a story that seems almost fictional because it seems as though it couldn’t be possible. Unable to breach the computer network at a big oil
company, hackers infected with malware the online menu of a Chinese restaurant that was popular with employees. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in the business’s vast computer network.
This phenomenon of using a vendor is known as a “watering hole attack” is the online equivalent of a predator lurking by a watering hole and pouncing on its thirsty prey.
Target’s credit card hackers, a situation that we all heard about, gained access to the retailer’s records through its heating and cooling system. In other cases, hackers have used printers, thermostats and videoconferencing equipment.
A watering hole attack, while not super common, is a potential threat to be weary of. Security experts say vendors are tempting targets for hackers because they tend to run older systems, like Microsoft’s Windows XP software. Also, security experts say these seemingly innocuous devices — videoconference equipment, thermostats, vending machines and printers — often are delivered with the security settings switched off by default. Once hackers have found a way in, the devices offer them a place to hide in plain sight.
It’s vitally important for communications professionals to not only keep our information safe, but also to ensure the security of our client’s information. Often times we are entrusted with very secret, internal information. Without being wary of potential threats, we are opening ourselves, and in turn our clients, to threats.
- My Main Lesson: Always Grow as a Person - May 2, 2014
- Amazon Take Over: Amazon Deliveries in the Works - April 25, 2014
- A Watering Hole Attack: Living with Online Security Threats - April 11, 2014