Our Linux admin is a pretty sharp guy, he is working on updating website technology (php version). We have to keep up with patches and new technical abilities.
Unbeknownst to him, a hacker somehow placed a “crontab” entry which will run every 60 minutes shutting down defenses and opening other attack avenues. The hacker used a well known breach in the Windows platform to make inroads on one computer, this allowed him to connect to another computer which now he is in control of.
Too bad the systems were not regularly inspected for potential breaches. One never knows who is lurking on the Internet ready to pounce.