Is your fax machine leaving you vulnerable to cyber-attacks?
Does your fax machine connect to your corporate network? If so, you may be leaving your business vulnerable to cyber-attacks via a fax machine hack. This fax machine hack has emerged from the Def Con hacker conference – an annual gathering of cybersecurity experts.
Fax machines are still in widespread use, often combined with copiers and printers. Therefore, they are network-connected, leaving millions of companies exposed to malicious payloads such as ransomware or virus outbreaks, which could cripple corporate networks and bring productivity to a standstill – potentially costing businesses huge amounts of money. All cybercriminals need to do is send you a fax with malicious code in it to secure a foothold on your network for wider cyber-attacks.
It is hoped that now the vulnerability is being widely publicised, companies will take measures to reduce their risk by implementing more thorough cybersecurity measures – however, the other side of the coin is that malicious hackers will also be aware of the fax machine hack now, and will seek to profit by attacking those businesses with fax machines and weak cybersecurity.
Calculating your risk profile: the good news.
It’s fairly easy to establish your business’ risk regarding this particular vulnerability. The good news is that there is (so far) no evidence that malicious hackers are able to exploit the vulnerability to penetrate businesses with well-defended networks. If you have strong network security measures in place, you are significantly less vulnerable to this fax machine hack than businesses with poor network security.
Good network security means an enterprise-grade Internet router with robust, up-to-date, inbuilt security measures, and effective endpoint security deployed across all machines.
Calculating your risk profile: the bad news
The bad news for businesses without these measures in place is that you are inherently at risk. It is even more dangerous now the fax machine hack has been widely publicised in the global media. An inevitable side-effect of publicising security vulnerabilities so that they can be addressed is that malicious hackers will jump on the bandwagon to exploit them whilst the security loopholes remain open.
Fax has no security measures built in – it was created in a time before cybersecurity was a concern for manufacturers, and has remained that way since. As a result, the fax machine serves as a gateway to your network for attackers. This can lead to cyber-attacks against your business.
Furthermore, if your fax machine number is openly displayed on your company website, an attacker could quite easily use that number to deliver the malicious code and infiltrate your network. Neuways examined an extensive sample of businesses and found that 57% had their fax number displayed on their website, potentially leaving them open to immediate attack.
The solutions to the problem
Removing your fax number from your website or getting rid of your fax machine entirely is not the way to protect yourself from this threat. Removing your fax number from your website is a half-hearted measure; it can still be acquired relatively easily via social engineering. Getting rid of your fax machine altogether is a drastic measure that could inconvenience your business, your customers and your suppliers. Instead, make sure that fax machine is patched to the latest firmware version.
This fax machine hack should be of no concern to businesses with adequate cybersecurity. Unfortunately, the reason that this fax machine hack vulnerability is so newsworthy is that cybersecurity, across the millions of companies still using fax machines, is so poor.
A multi-layered defence is the best way to protect yourself from this threat and many more just like it. This encompasses an enterprise-grade Internet router with network segmentation and a properly configured firewall. This protects your network from cyber-attacks and infiltration. In addition, you may want to consider deploying endpoint security, which secures your devices within your network.
If you’re still unsure about whether this threat is endangering your company, or whether or not you have the adequate security infrastructure in place, speak to Neuways. We can secure your network and ensure you’re not unnecessarily risking your business’ future.