Did You Know Hackers Can Infiltrate Your Network Via Fax Machine?
Fax machines seem to be a thing of the past for many new age businesses and professionals these days, but in reality, they’re still being used. In fact, according to Jive, more than 46 million businesses still use fax machines in some way or another. Typically businesses are still using fax machines because their clients still use them, potential government regulations or industry standards, proof of paper trail, convenience, and in some instances, fax machines are more secure.
However, an Israeli cyber security firm, Check Point, recently discovered that hackers may be infiltrating businesses networks using just a fax machine number…which might not even be connected to the internet. The researchers at Check Point demonstrated that a hacker can execute a script that targets the victim’s fax number in order to obtain network access. According to the researchers, the attacker can then use EternalBlue, a NSA-developed exploit leaked by the Shadow Brokers hacker group, to further infiltrate the network and execute malware.
Using the malware executed for this attack, the hacker can search and exploit specific information about the victim and send it back to the hacker’s fax machine. Additionally, the hacker can severely manipulate what gets sent and received. For example, if the victim sends sensitive account information to their bank, the cybercriminal can program the fax machine to send a copy to the attackers fax machine. The attacker can also tamper with the content included on the document being sent by altering the information to include or exclude what they to be attached to the document.
It’s worth noting that having a cyber security insurance policy in place will protect your business in the case that your fax machine does get exploited by hackers. Contact Jon Jepsen at SentryWest Insurance for a cyber insurance quote.
(Courtesy Evolve MGA https://evolvemga.com/fax-machines/?ct=t)
What happens in a WTF attack?
Hackers manipulate senior executive officers, employees, or clients with the intention of tricking the business or their client into wiring money into the hacker's bank account. Common hack attacks that result in wire fraud consist of stealing login credentials via phishing or key-logging malware, financial data manipulation, and corporate identity theft.
Claims Example: Midsized Trucking Company
In 2017, a trucking company's CEO had his email address compromised. An email was sent to wire money to an existing client, but with new bank account details. The CFO merely thought the client opened up a new bank account and trusted the email from the CEO, which was actually written by the hacker. One payment of $73,000 was wired out without being caught. On the 2nd wire request, they figured out that the figured out the money hadn't been received. Unfortunately, that first payment of $73,000 was unrecoverable.
How Can I Make Sure My Cyber Policy Covers Me?
Check the policy wording to determine if there is coverage for: social engineering, funds transfer fraud, cyber deception, electronic crime, or eCrime. Note the limit provided. Make sure there are no dual factor authentication warranties in the policy wording. If you are looking to ensure that you have quality cyber crime options, please contact Jon Jepsen at SentryWest Insurance.
Your Identity Belongs to You. Protect It, Too.
One smart way to protect yourself against identity theft is to prevent it. If your identity is stolen, you’ll be able to lessen problems by acting quickly.
Start with Good Habits
Watch Your Accounts Closely
Keep This Information Handy
Federal Trade Commission ID Theft Line and websites:
Social Security Administration Fraud Line: 1-800-269-0271
Credit Reporting Agencies
Identity Theft Plan
(Information Courtesy of SAFECO Insurance: http://www.safeco.com/insurance-101/consumer-tips/identity-theft)
Jonny Jepsen, CIC