Criminals Can Compromise Company Networks by Sending Malicious Faxes
Check Point has revealed details about the two critical remote code execution vulnerabilities (CVE-2018-5924, CVE-2018-5925) it discovered in the communication protocols used in tens of millions of fax devices globally.
A fax number is all an attacker needs to exploit the flaws, and potentially seize control of a company or home network.
The Check Point research demonstrated the vulnerabilities in the popular HP Officejet Pro All-in-One fax printers.
The same protocols are also used by many other vendors’ faxes and multifunction printers, and in online fax services such as fax2email, so it is likely that these are also vulnerable to attack by the same method.
About Faxploit
Usually seen as outdated technology, there are over 45 million fax machines in use in businesses globally, with 17 billion faxes sent every year.
It is still widely used in several Industry sectors such as healthcare, legal, banking and real estate, where organizations store and process vast amounts of highly sensitive personal data. The UK’s National Health Service alone has over 9,000 fax machines in regular use for sending patient data. In many countries, emails are not considered as evidence in courts of law, so fax is used when handling certain business and legal processes. Nearly half of all laser printers sold in Europe are multifunction devices with fax capability.
Once an attacker obtains an organization’s fax number (which is easily obtainable from corporate websites), the attacker sends a specially created image file by fax to the target. The vulnerabilities enable malware (such as ransomware, crypto-miners or spyware) to be coded into the image file, which the fax machine decodes and uploads to its memory. The malware can then potentially breach sensitive data or cause disruption by spreading across any networks to which the fax machine is connected.
Prevent exploitation
To minimize the security risk, Check Point advises that organizations check for available firmware updates for their fax devices and apply them.
“We worked closely with HP to fix the vulnerability and, following the process of responsible disclosure, they managed to release a patch before this publication. In fact, if your device is already configured to auto-update then the patch has likely already been applied. This patch, however, only applies to HP all-in-one printers and the vulnerability may well still apply to devices from other manufacturers as well,” the researchers noted.
Businesses are also urged to place fax devices on a secure network segment separated from applications and servers that carry sensitive information.
“Once unauthorized access is gained, network segmentation can provide effective measures to mitigate the next stage of intrusion into a network and limit the spread of the attack by lateral movement across it,” they explained.
The good news is that there’s no indication that the vulnerabilities are being exploited in the wild.
“Many companies may not even be aware they have a fax machine connected to their network, but fax capability is built into many multifunction office and home printers,” said Yaniv Balmas, Group Manager, Security Research at Check Point. “This groundbreaking research shows how these overlooked devices can be targeted by criminals and used to take over networks to breach data or disrupt operations.
Source: helpnetsecurity
Latest Jobs
-
- Professional Services Security Engineer
- United Kingdom
- £65,000
-
Professional Services Security Engineer with current checkpoint experience is needed for the UK focused client facing implementation/migration, configuration position. The role will be utilising the latest versions of Checkpoint, so someone accredited with either CCSA or CCSE, on at least version R80 is ideal. The Professional Services Security Engineer must have current technical implementation experience using Checkpoint, however, I would look at someone with strong firewalling experience around other vendors such as Palo Alto and Fortinet. Being a multi-vendor professional services business, there is scope for this person to receive training and experience within other vendors. This is a UK wide role, the company in question has 2 offices across the UK, however, there is scope for this person to be home based when not on client site. Vendor training and exposure actively promoted.
-
- eDiscovery / Forensic Consultant, London, £65,000
- London
- £65,000
-
Senior eDiscovery / forensic consultant needed to join a business is recognised for helping top tier clients across eDiscovery, Forensics, Incident Response, Advisory etc. Known the for quality, consistency of work throughout the world. This individual MUST be London based, client facing with deep technical hands on experience with eDiscovery / forensic tools, techniques and best practice. Hands on experience using Relativity is essential. The position is split between engaging with client stakeholders to provide consultancy, technical engaging to identify, preserve, collect, process, review and produce electronically stored information in litigation and manage / provide support for the other internal business functions. This will include, but not be limited to; manging client engagements, collecting / processing data within Relativity, delivering / providing guidance customisation on reports, advising clients. Any of the following certifications are highly desirable. • Relativity Certified Administrator (RCA) • Relativity Processing Specialist • Relativity Analytics Specialist Travel to client site will be involved. Fluency in multiple European languages is highly desirable. All details kept in the strictest of confidence. Contact me on Chris.holt@dclsearch.com 07884666351 or 02086634030
-
- Public Sector Sales Consultant, Cyber, London, 140 OTE +, Uncapped earnings!
- London
- Up to £140,000 OTE
-
Public Sector Sales Consultant is needed in London as a new hire into a cybersecurity services, solutions and advisory business. Ideally, the Public Sector Sales Consultant should have experience selling cyber solutions, services and advisory but this is not essential. (Training can be provided) What is essential is the sales consultant must have a successful history overachieving against target selling into the Public Sector (Healthcare, Defence, Emergency Services, Government etc.).. This target for this opportunity will be £1.3m. The role will be split in delivering NEW BUSINESS into existing accounts (account management through existing partners, framework, direct etc) and new Logo NEW business. A full suite of solutions is available to the successful Public Sector Sales consultant. More importantly, there is an Uncapped earning for overachievement. A KEY requirement is an ability for the individual to achieve UK security clearance- UK passport holder is a must. There is a strong preference for will be given to those that already have clearance. Training, development, support and a warm inviting team. All details kept in the strictest of confidence. Ref: CH7497
-
- Partner Sales Director
- Germany
- Up to €165,000 Base + Double OTE
-
We are currently working on behalf of a global cybersecurity provider who are currently looking for a Partner Sales Director in Germany. The Partner Sales Director will be responsible for the go to market strategy for current Cyber Security OEM’s and new alliances across EMEA and CALA. Other responsibilities include; Sales strategy development and implementation, Partner development, Sales leadership etc. Experience Required Must have current experience in a sales leadership role specialising in Cyber Security (vendor experience with Cisco, Check Point etc.) Proven sales record of being able to lead, grow teams and exceed expectations. This individual MUST be based in Germany Ref: BD7496 (Partner Sales, Alliances Sales, Cyber Security Sales Jobs)