Tag: Hackers

  • Reblog: XMedius Weighs-In on What Recently Revealed “Faxploit” Attack Could Mean for Organizations

    Newly revealed vulnerabilities mean hackers may be able to access sensitive company data via fax line entry points.

    Last week, in a talk at the DEF CON 26 security conference in Las Vegas, researchers from Check Point, an Israeli IT security software provider, revealed vulnerabilities in the fax protocol that could serve as entry points for hackers into corporate networks.

    This type of attack, named “Faxploit”, allows hackers to send an organization’s fax machine crafted images containing code that exploits vulnerabilities, enabling them to take over the machine. From there, hackers can use the fax machine to deploy other hacking tools that scan local networks and compromise nearby devices. In its demonstration, Check Point specifically took advantage of two buffer overflows in the implementation of fax capabilities in an HP device: CVE-2018-5924 and CVE-2018-5925. Please note that XMediusFAX software is not affected by the specific vulnerabilities that were discovered and used during this exploit.

    It was reported that the above-mentioned vulnerabilities are simple to exploit; hackers would only need an organization’s fax number to target it. The attack code comes in via dedicated fax lines, with no internet connection required. Since fax machines don’t come with security software to scan inbound faxes, Faxploit can be difficult to defend against. Most companies publish their fax numbers in plain sight on their websites, and Google has over 300 million fax numbers indexed, making Faxploit a potentially powerful tool for hackers to target almost any organization in the world.

    Not only Fax Machines are Vulnerable

    It’s important to note that Faxploit also targets multifunction printers (MFPs) with built-in faxing capabilities.

    XMedius wishes to advise concerned organizations on steps they can take to minimize risk of a Faxploit attack:

    • If your company sends and receives fax transmissions via MFP, it is important to contact your provider for any available security patches as soon as possible. So far, HP has responded by releasing patches for its series of HP Officejet all-in-one printers, but many fax machine and MFP vendors could also be vulnerable.
    • A simple method of defense against Faxploit attacks is network segmentation. Breaking larger corporate networks into smaller networks, or isolating fax machines on their own subnetworks, can not only greatly reduce the risk of attack but also limit the scope of personal data that hackers could gain access to.
    • A third option would be to reduce your organization’s possible attack area using centralized fax server solutions instead of hundreds of fax devices spread across your whole network. Centralized fax solutions are easier to protect, update and monitor.

    Your faxing environment needs to be handled with an appropriate level of precaution, just as you do for your mail, your web server or your workstation environments. If your organization is currently using, or is considering migrating to a fax server solution, here are a few elements that should be taken into consideration:

    Reduce the risk footprint:

    • Using a fax server/service solution reduces the number of devices you have to be concerned about and provides a more controllable environment
    • You can still leverage your MFPs with the use of several integrations and connectors from your FoIP provider or its partners, allowing them to have faxing capabilities without being connected to the public telephony network
    • Harden your servers by stopping unnecessary services and removing unneeded software

    Keep software up-to-date:

    • Keep your fax server OS up-to-date, as you would do for your workstation environment
    • Devices like faxes and MFPs need to be updated to get the latest security fixes. This is often an oversight in patching policies.
    • Consider retiring devices that cannot be updated. If vendors no longer offer active support and security fixes, these devices can be a weak link in your overall data security strategy

    Monitor your systems for viruses, trojans and other forms of attacks:

    • Use a good antivirus/antimalware and make sure to keep it up to date
    • Use vulnerability scanner tools to detect out-of-date software
    • Monitor traffic coming out of the MFD and fax server zones. A compromised device will create atypical network traffic that can be detected by intrusion detection systems (IDS).
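
One way to act on the segmentation and egress-monitoring advice above, as an added example that is not part of the original article: a Python check that reviews flow records from a fax/MFP segment and reports destinations outside an allowlist, plus one-port sweeps across many hosts. The subnet, allowlist, threshold and record format are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed, hypothetical layout: fax/MFP devices sit in their own segment and
# may reach only the services listed in ALLOWED.
FAX_ZONE = ipaddress.ip_network("10.20.30.0/24")
ALLOWED = {
    ("10.0.0.25", 25),   # SMTP relay used for scan-to-email
    ("10.0.0.40", 443),  # central fax server
    ("10.0.0.53", 53),   # internal DNS
}
SWEEP_THRESHOLD = 5      # distinct hosts on one port that count as a sweep

# Constructed flow records, one per line: "timestamp src dst dport".
SAMPLE_FLOWS = (
    "2018-08-20T09:00:01 10.20.30.11 10.0.0.40 443\n"
    "2018-08-20T09:00:05 10.20.30.11 10.0.0.25 25\n"
    "2018-08-20T09:01:00 10.20.30.12 10.0.0.40 443\n"
    "2018-08-20T09:02:00 10.20.30.12 203.0.113.9 8080\n"
    "2018-08-20T09:02:30 10.0.5.7 10.0.1.1 445\n"   # workstation, outside the zone
    + "".join(f"2018-08-20T09:03:0{i} 10.20.30.12 10.0.1.{i} 445\n" for i in range(1, 7))
)


def review_egress(flow_text):
    """Return {src: {"unexpected": [(dst, port)], "sweeps": [(port, hosts)]}}."""
    by_port = defaultdict(lambda: defaultdict(set))  # src -> port -> {dst}
    for line in flow_text.splitlines():
        try:
            _, src, dst, dport = line.split()
            port = int(dport)
            in_zone = ipaddress.ip_address(src) in FAX_ZONE
        except ValueError:
            continue  # malformed record: wrong field count, bad IP or port
        if in_zone and (dst, port) not in ALLOWED:
            by_port[src][port].add(dst)
    findings = {}
    for src, ports in by_port.items():
        findings[src] = {
            "unexpected": sorted((d, p) for p, ds in ports.items() for d in ds),
            "sweeps": sorted((p, len(ds)) for p, ds in ports.items()
                             if len(ds) >= SWEEP_THRESHOLD),
        }
    return findings


if __name__ == "__main__":
    for src, result in review_egress(SAMPLE_FLOWS).items():
        print(src, result)
```

Devices that only talk to the allowlisted services produce no entry, so any key in the result is a device worth investigating.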

    The original article can be found here.

    For more information on minimizing fax protocol vulnerabilities, e-mail us at sales@rincon.co.in and we will be glad to assist you.

  • Reblog: U.K. Healthcare System Victim of Vicious Global Cyberattack

    On Friday, May 12, a large-scale cyberattack was launched, affecting tens of thousands of computer systems in over 100 countries around the globe. While government officials state that no organizations were targeted specifically, some of the highest-profile victims include U.S.-based international shipment provider FedEx Corp. and England’s National Health Service (NHS). The NHS reports that as a result of the cyberattack, 16 hospitals and private clinics were forced to redirect ambulances and cancel appointments.

    Hackers used software called WanaCrypt0r 2.0 or WannaCry that exploits a vulnerability in Microsoft Windows. Microsoft released a software patch that fixes the problem in March, but computers that had not installed the security update remained vulnerable.

    The malware used in the attack encrypts data on infected computers and blocks any access to files until a ransom is paid. The malware is disguised in spam emails that appear to contain invoices, job offers, security warnings or other legitimate files to trick users into opening them. Security researchers say that some victims made bitcoin digital currency payments ranging between £300 and £500 to regain access to their data, but the percentage of victims who paid the extortionists is unknown.

    What Happens when Ransomware Hits an Organization?

    A recent article by the Wall Street Journal explains how, once WannaCry makes its way onto a PC via an unsolicited email, it can replicate itself and spread across an entire network.

    The NHS reported on Saturday that it would upgrade its software in the wake of the international attack. Security teams are working around the clock with the NHS to uncover the extent of the ransomware infection, and it remains unclear if any patient data has been affected. One of the many companies targeted in Spain, telecommunications company Telefonica, said that the cyberattack was limited to some of its internal computers and hadn’t affected clients or services. Portugal Telecom and Telefonica Argentina are also among the organizations that were targeted.

    As international security organizations, Microsoft, and the U.S. authorities continue their investigations and efforts to help organizations globally, it’s still unclear what the full implications of the cyberattack are. The hackers responsible for what’s considered the largest global ransomware attack the cyber community has ever seen still haven’t come forward to identify themselves or claim responsibility.

    How can Organizations Defend Against Ransomware Attacks?

    In light of a global cyberattack, it is daunting to know that an entire organization’s sensitive data could be at risk from an infection starting with a single email. Here are a few things organizations can do to defend against current or future cyber threats:

    Run a mandatory company-wide Windows Update. Organizations that use Windows Vista, Windows 7, and Windows 8.1 can protect against the main route of the WanaCrypt0r 2.0 or WannaCry infection by running Windows Update on their systems. Note: The vulnerability doesn’t exist in Windows 10.

    Raise awareness of ransomware. One of the best ways to defend against cyberattacks is to raise awareness from within an organization. A company-wide memo, ad-hoc meeting, or brief training from the IT department can raise awareness by showing all users how to look out for malicious email attachments.

    Stop relying on email to transfer secure documents. Email is inherently non-secure and, regardless of the strength of an organization’s IT infrastructure, this recent attack shows that all it takes is the opening of a harmful attachment.

    Although email is the most used communication tool in business today, there’s a long list of reasons why it can’t be trusted to securely transmit your sensitive data. Alternatives like a cloud fax or secure file transfer solution integrate with the email interface users are familiar with, but are reinforced with robust security features that protect against malware and other threats.

    If you’re looking for a user-friendly way to protect your data, contact us at sales@rincon.co.in.

    The original article can be found here.