Cyber criminals have infected online menus in popular restaurants in a bid to obtain information about large corporations, a US security expert said.

It is known as “watering hole” hacking and involves planting a bug on a website popular with employees — such as an eatery near a major office.

Chris Furlow works with companies around the world to help them focus on cyber-risk and called for better international co-operation to track down criminals.

He said: “These folks are thinking very clearly who they would like to target and how they are going to go about doing that.”

Mr Furlow said “spear phishing” emails targeting particular organisations for information like passwords or bank account numbers are a digital deception threat which was more developed than a decade ago.

He added: “They may be coming after a specific individual because they have inside information about what is going on within your organisation. We still are not mature enough as civilised societies in terms of getting all the protocols in place to go after these individuals because there are no borders in the cyber domain and it makes going after them much more difficult.”

British GCHQ intelligence has already identified a watering hole attack against a web design company which hosts sites for a number of British businesses in the energy sector.

By adding code to one website, the attackers were able to redirect visiting users’ browsers to one of three sites controlled by them, in what GCHQ believed to have been part of a continuing commercial espionage campaign.

Mr Furlow is president of US risk company Ridge Global. He outlined the watering hole threat during a meeting of the World Credit Union Conference in Belfast.

He said: “Sometimes, especially near organisations that are targeted, let’s say there is a major corporate office near this restaurant, they may infect the restaurant and when you download the PDF version of the menu it is infected. These are the types of threats we are dealing with on a daily basis. They are leveraging this human element of cyber-security, they are carrying out digital deception.”

Mr Furlow said a report published by computer giant IBM this year on the cost of data breaches said a quarter involved human error.

He added: “ This is about employees or third parties like contractors who are in some way negligent.

“I think that is a tough term in the environment today, negligent, because there are some people who just don’t have the resources or they have not had the training in order to understand what they need to be doing.”

“But negligence is a really important term because as you look at the regulatory environment this is something that is advancing very quickly in the 21st century.”


Last week, I wrote about 'small is beautiful' as a key to an improved environment for all living things after this Covid crisis is finally over. As I wrote, I saw, in the mind's eye, the village where I live in west Cork and from which my wife and I are temporarily exiled.Damien Enright: Community spirit can ensure we pull through - together

Fifty years ago, a fox was spotted in Dublin’s St. Stephen’s Green. The unfortunate animal was chased by local ‘gurriers’. It took refuge in a tree but was promptly stoned to death.Richard Collins: Wildlife taking back the streets of our cities

The north pier on Cape Clear has been eerily quiet these last few months as no visitors disembark. The ferry is not unloading boatloads of tourists from Baltimore, 45 minutes away, or from Schull, as it would normally.The Islands of Ireland: Cape Clear tells its side of the story

If the Donegal postman and amateur weather forecaster has it right, we could be in for water shortages in the coming months. Michael Gallagher, who predicted the scorching summer of 2018 and the 2010 freeze-up, says we’ll have a ‘lovely’ summer.Donal Hickey: Demand for water to soar

More From The Irish Examiner