Unable to breach hardened computer networks at blue chip companies, hackers are now targeting air conditioners, thermostats and videoconferencing equipment.
They have been forced to attack some of the most unlikeliest of places in search of vulnerabilities, according to a report that was published in the New York Times earlier this month.
In one case hackers had initially failed in attempts to hack a big oil company. The solution was to infect the online menu of a Chinese restaurant that was popular with the oil company's employees.
When the workers browsed the menu they downloaded code that gave the attackers a foothold in the firm's computer network.
Security experts that fixed the breach were not allowed to disclose the details but the message in the NY Times was clear - hacking is no longer just about the computer network.
Hackers in the recent Target payment breach gained access to the retailer's records through its heating and cooling system. The high profile case exposed the credit card data of millions of customers last November.
Media reports estimate hackers absconded with payment card data for about 40 million customers and with personal information, such as phone numbers and e-mail addresses, for 70 million.
While the use of anti-virus software and firewalls are a routine part of doing business, its third party devices and remote access to corporate systems that are a bigger problem today.
Access is being granted through software controlling a wide range of services that companies use including heating, ventilation and air conditioning, billing and HR systems, as well as outside service providers that are connected remotely.
Often, hackers only need to break into one system to get access to them all.
What does this mean for air conditioning suppliers, will customers start asking about the security of their units?
The director of threat intelligence at security firm Qualys, Billy Rios, said computer equipped machinery like air conditioners can be used to gain access to sensitive company data.
"It is increasingly common for corporations to set up their networks sloppily, with their air conditioning systems connected to the same network that leads to databases containing sensitive material like proprietary source code or customer credit cards," he told the NY Times, "Your air conditioning system should never talk to your HR database, but nobody ever talks about that for some reason."
Last year security researchers found a way into a number of Sydney-based organisations - and its ventilation, lighting, elevators and even video cameras - via their building management vendor.
In another case they gained access through the firm's heating and cooling supplier.
Good business is about being secure and ensuring this is not you.
- Credit: Jessica Lifland of the New York Times