Did You Know Hackers Can Infiltrate Your Network Via Fax Machine?
Fax machines seem to be a thing of the past for many new age businesses and professionals these days, but in reality, they’re still being used. In fact, according to Jive, more than 46 million businesses still use fax machines in some way or another. Typically, businesses still use fax machines because their clients still use them, because of potential government regulations or industry standards, for proof of a paper trail, for convenience, and, in some instances, because fax machines are more secure.
However, an Israeli cyber security firm, Check Point, recently discovered that hackers may be infiltrating businesses' networks using just a fax machine number, and the fax machine might not even be connected to the internet. The researchers at Check Point demonstrated that a hacker can execute a script that targets the victim’s fax number in order to obtain network access. According to the researchers, the attacker can then use EternalBlue, an NSA-developed exploit leaked by the Shadow Brokers hacker group, to further infiltrate the network and execute malware.
Using the malware executed for this attack, the hacker can search for and exploit specific information about the victim and send it back to the hacker’s fax machine. Additionally, the hacker can severely manipulate what gets sent and received. For example, if the victim sends sensitive account information to their bank, the cybercriminal can program the fax machine to send a copy to the attacker's fax machine. The attacker can also tamper with the content of the document being sent, altering the information to include or exclude what they want to be attached to the document.
It’s worth noting that having a cyber security insurance policy in place will protect your business in the case that your fax machine does get exploited by hackers. Contact Jon Jepsen at SentryWest Insurance for a cyber insurance quote.
(Courtesy Evolve MGA https://evolvemga.com/fax-machines/?ct=t)
What happens in a WTF attack?
Hackers manipulate senior executive officers, employees, or clients with the intention of tricking the business or their client into wiring money into the hacker's bank account. Common hack attacks that result in wire fraud consist of stealing login credentials via phishing or key-logging malware, financial data manipulation, and corporate identity theft.
Claims Example: Midsized Trucking Company
In 2017, a trucking company's CEO had his email address compromised. An email was sent to wire money to an existing client, but with new bank account details. The CFO merely thought the client opened up a new bank account and trusted the email from the CEO, which was actually written by the hacker. One payment of $73,000 was wired out without being caught. On the 2nd wire request, they figured out that the money hadn't been received. Unfortunately, that first payment of $73,000 was unrecoverable.
How Can I Make Sure My Cyber Policy Covers Me?
Check the policy wording to determine if there is coverage for: social engineering, funds transfer fraud, cyber deception, electronic crime, or eCrime. Note the limit provided. Make sure there are no dual factor authentication warranties in the policy wording. If you are looking to ensure that you have quality cyber crime options, please contact Jon Jepsen at SentryWest Insurance.
Audits for contractors can be challenging. One of the most common questions auditors hear is, “Why do I have to pay for my subcontractors if they carry their own insurance?”
When a contractor hires subcontractors, an additional exposure is created on the jobsite that can result in claims against the contractor. These may include subcontractor negligence or inadequate limits of insurance, which would leave the contractor liable.
There are also possible defense costs when the contractor is named along with the subcontractor in a lawsuit. The potential for liability exposure is also real if the subcontractor lets his policy coverage lapse.
For general liability policies, the exposure basis for a subcontractor is “total cost.” By definition, total cost includes all labor, materials and equipment furnished, used or delivered for use in the execution of the work.
Total cost also includes all fees, bonuses or commissions made, paid or due.
Properly insured subcontractors are assigned to the corresponding subcontractor work class code based on the type of work performed. If uninsured subcontractors are used, they will be classified to the payroll-based classification that best describes the type of work completed, as if they were employees of the contractor.
A best practice if you’re a contractor would be to require certificates of insurance from your subcontractors prior to paying them for the services performed. This allows you to retain some leverage in obtaining the certificate of insurance from your subcontractor.
Please contact our agency if you have questions about your audit. Thank you for your business!
Jon Jepsen, CIC