Would Sir Like Malware With His Meal?

Just when you thought it was safe to get back into the (digital) water, after ditching Window XP and upgrading your home or office PC, comes the news that hackers managed to get into an oil company’s’ systems through a Chinese takeaway menu!

Yes… you read correctly, this ingenious restaurant menu hack was the key to grabbing crucial company data.

How did they do it?  According to the report in the New York Times, “hackers infected with malware the online menu of a Chinese restaurant that was popular with employees. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in the business’s vast computer network“.

This form of infiltration is referred to as watering hole attack.  Just as predatory crocodile lurks by a watering hole in the Masai Mara ready to pounce on a thirsty gazelle, so does this malware await its opportunity.

And no, before you ask, I doubt if Edward Snowden every set foot in this restaurant but it does go to prove just how clever and pervasive cybercrime has become.

Any system or device that uses software is now prone to these types of attack whether it be climate control systems, printers or even vending machines.  Once you can break into one device you have a pathway to break into an enterprises’ entire system. I doubt if many people truly appreciate the sophistication and cunning of today’s cyber criminals and spooks.

The NYT article also details that 23-70% of attacks dealt with by network security agencies emanate from third party devices.  It is also worth mentioning that many of the devices mentioned above such as vending machines (and surprisingly ATMs) still run of Windows XP and as of this month, Microsoft has ceased its support for this software leaving it even more vulnerable.

30% of the world’s personal computers still run on Windows XP which represents a massive challenge to stopping the proliferation of malware.  If you have a spare £5.5m you can always do what the UK government has just done and buy yourself some extra breathing space.  But for most mere mortals such as yours truly, this was not an option.

The Year of the Mega Breach

Symantec’s most recent Internet Security Report 2014 labelled 2013 as the Year of the Mega Breach as the  number of attacks were 62 percent greater than in 2012, with 253 total breaches. Eight of the breaches last year exposed more than 10 million identities each!

Ransomware attacks, which as the same suggest hijack and lock a system until a ransom is paid, grew by 500% in 2013. Cryptolocker is the best known of this type of malware.

I have made a mental note to be more careful when selecting from a menu in a restaurant in the future. The ‘Chef’s Special’ may not turn out to be quite what it seems at first glance.

Malware in spoup

Enhanced by Zemanta
Advertisements

About thedigitalconsultant

Roger Smith is an international, digital consultant and former British Council Director of Online Operations within the East Asia region. http://thedigitalconsultant.blogspot.com
This entry was posted in Security and tagged , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s