Online menus a target for cyber-criminals, IT security expert tells Belfast conference
Cyber-criminals hack popular restaurants' online menus in a bid to gain valuable information about large corporations, an IT security expert has warned a conference in Belfast.
Chris Furlow, who works with major companies around the world to protect them from internet criminals, said the technique was known as "watering hole hacking" and involved planting a bug on a website popular with employees, such as an eatery near an office.
"These folks are thinking very clearly who they would like to target and how they are going to go about doing that," the security expert told the conference.
Mr Furlow added "spear phishing" emails and other forms of deception designed to target organisations for information including passwords and bank account numbers had been developed more than a decade ago, but were still a danger.
"They may be coming after a specific individual because they have inside information about what is going on within your organisation," he explained.
The UK's security services previously identified a watering hole-type attack against a web design company that hosts sites from for a number of major players in the energy sector.
By adding code to a website, the hackers were able to redirect visiting users' browsers to one of three sites controlled by them. GCHQ believed the attack was part of a commercial espionage campaign.
Mr Furlow, the president of US-based risk company Ridge Global, outlined the watering hole threat during a meeting of the World Credit Union Conference in Belfast.
"Sometimes, especially near organisations that are targeted, let's say there is a major corporate office near this restaurant... they may infect the restaurant and when you download the PDF version of the menu, it is infected," he told delegates.
"These are the types of threats that we are dealing with on a daily basis. They are leveraging this human element of cyber-security, and they are carrying out digital deception."