With firewalls ever more difficult to breach, hackers have found other ways to sneak into protected computer systems, even those involving restaurant menus and soda machines.

When an employee uses his or her company computer to order food through an online menu, they can open up a cyber door for intruders to slip through and gain access to the local network of servers.

That’s what happened to one unidentified oil company, The New York Times reported, when hackers attached malware to an online menu belonging to a Chinese restaurant frequented by the oil firm’s employees. Simply browsing the menu resulted in the malicious code downloading into the user’s computer and on to others at the corporation.

Vending machines set up in company break rooms also can provide a backdoor into a supposedly secure network. Many such machines contain minicomputers that allow the vendor to remotely check on the supplies of soft drinks. But the same system can be utilized by hackers to infiltrate the computers of the company hosting the vending machines.

Printers, thermostats and videoconferencing equipment can also be vulnerable to intruders.

In other cases, hackers break in through a third-party’s computer system, such as those providing heating and air conditioning at an office. This happened to retailer Target, which had its payment card system breached, potentially costing the company up to $420 million in losses plus $100 million to upgrade its system.

The third-party contractors usually don’t have as a secure a computer network as their higher-end clients, yet in order to conduct business, those clients often allow the contractors access into their secure system. Piggybacking onto those more accessible third parties allows the hackers inside their primary targets’ networks.

“We constantly run into situations where outside service providers connected remotely have the keys to the castle,” Vincent Berk, chief executive of FlowTraq, a network security firm, told the Times.

How often this problem is occurring is up for debate.

The Ponemon Institute, a security research firm, says nearly a quarter of breaches can be traced back to third-party vendors. But Arabella Hallawell, vice president of strategy at Arbor Networks, a Massachusetts network security firm, believes the figure is much higher. She says third-party suppliers might play a role in 70% of cyber intrusions.

“It’s generally suppliers you would never suspect,” she told the Times.

-Noel Brinkerhoff

To Learn More:

Hackers Lurking in Vents and Soda Machines (by Nicole Perlroth, New York Times)

Target Hackers Broke in Via HVAC Company (KrebsonSecurity)