It’s long been known that organizations need to exercise extreme caution when jettisoning old office equipment, especially if it has built-in memory, and it’s even more crucial to bear in mind that hackers can exploit memory whether it is digital or carbon-based.
An Israel-based company recently found another way that older communication devices, and new versions of older technology, give hackers entry into office networks: in this case, an all-in-one, network-connected device that faxes, scans and copies.
Specifically, Check Point discovered something the company’s calling a “faxploit.” In this scenario, hackers send a malware-laced image file to a fax number in order to infiltrate a network. The file doesn’t have to be an image; the machine just needs to think it’s one. When received, the infected file is uploaded to the device’s memory, where it deploys malware that first takes over the device and then spreads throughout the network to which it is connected.
Why It Matters
With an estimated 45 million hackable machines out there, the threat is significant.
Many sectors rely on faxing, including banks, healthcare providers and law firms. Compounding the problem, older devices are not updateable, so the security flaw cannot be addressed. Additionally, without a dedicated CISO or cyber security expert on staff (a common situation), staff may not be in the habit of thinking like the bad guys. All this combines to create a potent problem.
What to Do
Solutions exist. If possible, older machines should be replaced with patchable devices. A device that can be updated to address security flaws is a must in the current environment of pervasive and persistent threats. The next order of business is culture-based: teach everyone on staff cyber security basics. A culture of awareness is crucial to staving off attacks.