Unable to breach the computer network at a big oil company, hackers infected with malware the online menu of a Chinese restaurant that was popular with employees. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in the business’s vast computer network.
The breach through the Chinese menu — known as a watering hole attack, the online equivalent of a predator lurking by a watering hole and pouncing on its thirsty prey — was extreme. But security researchers say that in most cases, attackers hardly need to go to such lengths when the management software of all sorts of devices connects directly to corporate networks. Heating and cooling providers (as in the Target breach) can now monitor and adjust office temperatures remotely, and vending machine suppliers can see when their clients are out of Diet Cokes and Cheetos. Those vendors often don’t have the same security standards as their clients, but for business reasons they are allowed behind the firewall that protects a network.