Injection of malware into a secure facility

A remote wireless connection to an insufficiently secured wifi network can be used to inject a worm or a trojan into a supposedly secure facility. This trick can be used also against a home network of a telecommuting employee (and then gain VPN access to the secure facility), or using a network from a hotel shared with said employee. A small, poorly secured hotel could allow getting away even with a more active attack, involving e.g. hijacking the router (sometimes left on default password) or ARP spoofing.

Other possible tricks involve infecting laptops of road warrior employees, so they then bring malware into their facility on their next visit. Or an USB dongle with an infection, that will be found by an unsuspecting employee and brought in.

A nice twist could be a trojan that connects to the home base only when on user's home connection, but not when the user is in the secured facility with a monitored firewall; then the trojan acts passively, only silently collecting data to hand them over later, to assist with penetration of the hardened facility.