The article doesn't mention the most obvious method, compromised firmware in file transfer devices such as USB thumbdrives and external hard drives.