Communications of the ACM
Hackers Lurking in Vents and Soda Machines
Hackers are exploiting overlooked vulnerabilities in third-party access points.
Credit: Shutterstock
Companies are rushing to identify and close security flaws in unlikely places, because hackers are exploiting overlooked vulnerabilities in third-party access points ranging from online restaurant menus to soda machines to heating and cooling systems.
"We constantly run into situations where outside service providers connected remotely have the keys to the castle," notes FlowTraq CEO Vincent Berk.
Third-party negligence was responsible for 23 percent of data breaches, according to a 2013 Ponemon Institute survey. Security researchers say hackers often do not have to plan elaborate intrusions to take advantage of third-party vulnerabilities, since the management software of various devices links directly to corporate networks. "The beauty is no one is looking there," says Crowdstrike's George Kurtz. "So it's very easy for the adversary to hide in these places."
Security researchers also say attackers frequently target vendors because they tend to run older, susceptible security systems, while the devices often have the security settings turned off by default.
Experts say under ideal conditions, corporations should deploy networks so third-party systems cannot access sensitive data, and remotely monitor the networks with advanced passwords and technology capable of spotting suspicious traffic. However, detecting attacks also requires the presence of skilled security staff.
From The New York Times
View Full Article
Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA
No entries found