RESEARCH presented at the Def Con hacker conference in Las Vegas recently revealed that image data being sent by fax can provide an easy way for hackers to gain entry to internal corporate networks.
Exploiting facsimile format protocols from the 1980s, these images can be booby trapped with viruses and coding to infiltrate networks via printers and photocopiers which faxes are invariably connected to, if not the same piece of hardware.
While I am sure there are many reading this muttering “No one uses fax anymore!”, it would appear that a lot of organisations, particularly the public sector and banks, are still faxing.
The problem is that fax has no security measures built in and millions of companies that still use them, or at least have the capability to, could be at risk as they do little to secure the lines.
The security researchers who discovered this had crafted an image that was embedded with a malicious payload. The way it had been coded allowed it to be interpreted in such a way by the machine that it was able to manipulate the vulnerabilities of the system and infiltrate the network.
Whether we still fax or not, we are all susceptible to attack, via our smartphones, our smart TVs, our smart ten-year-old grandchildren – while slightly different but no less calculated. Regardless, there is a stark requirement for more effective strategies to deal with cyber-attacks, particularly across the corporate sphere.
At Rainbow, we work to ensure IT systems and networks are secure and we are continually reinforcing the message that preparation is key.
In its simplest terms, this means having sufficient prevention and detection capabilities in place, which can include a Unified Threat Management (UTM) system which can offer multiple layers of security, including firewalls, intrusion prevention systems, antivirus, spam filtering and URL filtering for web content.
For those most at risk or unsure of where weaknesses may lie, we always recommend IT security audits. These allow the levels of information security within an organisation to be audited and reviewed, whether from a technical, physical or administrative perspective.
The audit will focus on the potential vulnerabilities of data being intercepted or accessed by external parties and, once risks are determined, there is a wide range of solid and inexpensive solutions and products available that can provide the security you need.
One area that an audit will focus on, and is often overlooked – excuse the pun – is ‘visual hacking’, where information is literally taken from a screen by someone looking at it and memorising it or screen-grabbing it on a handheld device.
Research into this method would suggest that over 90% of visual hacking attempts are successful as they happen quickly and are nearly impossible to police without physically being there to catch the perpetrator in the act of stealing a glimpse at a screen and can range from passwords to account details.
With new threats emerging every day, it’s acutely important to put in place the right measures that will protect your company and your reputation in order to run your business securely in the confidence that you’re among those best prepared.
:: Eric Carson is director of Rainbow Communications and can be contacted via www.rainbowcomms. com. Rainbow Communications can also be followed on Twitter: @Rainbow_Comms.
