[Security News] Chinese take-out menu used to gain access to computer network

octoberasian

Well, add this to the list of things that can be used to hack into someone's network, especially that of an oil company: a Chinese menu that's possibly an image or PDF infected with malware.
Unable to breach the computer network at a big oil company, hackers infected with malware the online menu of a Chinese restaurant that was popular with employees. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in the business’s vast computer network.
Source: http://www.nytimes.com/2014/04/08/technology/the-spy-in-the-soda-machine.html?_r=0

This is another "watering hole" attack to gain access to a network in which a similar attack was last used to get into Target's networks and POS machines just by someone using stolen HVAC login credentials.

It does make me wonder though:
  1. What large oil company was this?
  2. Don't these computers have anti-virus/anti-malware software? Or, aren't these computers usually isolated from the rest of the network?
  3. What Chinese restaurant website is infected now with this infected menu? And, how and where did these intrepid hackers find out what restaurant in the first place?
 
That's pretty brilliant actually. As for 3, probably not hard to know where the HQ is and figure out what good & quick Chinese places are around. They probably just used TripAdvisor or Yelp. ;)
 
It does make me wonder though:
  1. What large oil company was this?
  2. Don't these computers have anti-virus/anti-malware software? Or, aren't these computers usually isolated from the rest of the network?
  3. What Chinese restaurant website is infected now with this infected menu? And, how and where did these intrepid hackers find out what restaurant in the first place?

Process control networks are usually on isolated single-use systems--though not totally removed from outside networks/internet. Ours are firewalled off from the rest of the network and only used for automation, not general web browsing and the like.

This was most likely just one of their office workstations.

There was a network-capable espresso machine (we had a couple of them around work, but not connected) that was used to break into unsuspecting owners' networks a few years ago.
 