BuzzSec - If you have an All-In-One Fax Machine connected to your LAN, Read This!
Original Article is here: https://www.computerweekly.com/news/252446742/Millions-of-businesses-vulnerable-to-fax-based-cyber-attack
It looks like 2 things have to be in place for this to work correctly:
- The fax machine has to be connected to the LAN of the victim and;
- The fax machine needs to be vulnerable to the code exploit for dropping the payload
So even if the attacker was able to:
- Discover a fax line and;
- Use fax code to discover the brand of printer
They would still have to:
- Send the exploit to the fax machine and;
- Pray that the fax machine was connected to a LAN (which isn't likely in normal situations with a few exceptions I'll point out below)
Many healthcare organizations use a service to check drug prescriptions against an international database for patients. Some Electronic Healthcare Systems also use fax lines to send prescriptions and data to other healthcare businesses. In these very specific situations, an attacker would have to:
- Not only exploit the fax card on the server but then;
- Also, exploit a server or software vulnerability on the server in order to get a foothold
The biggest danger is probably the most common in businesses, however. It is the danger of having an All-In-One copier/fax/scan machine. These machines by Ricoh, Canon, Toshiba (and others) would allow the attacker to exploit the machine and access the LAN that it is attached to, using their scripting embedded in the JPEG.
Using the good old qualitative risk model, this would be a probability of medium (due to the complexity) and an impact of high, making this a medium-high risk for businesses with the All-In-One devices mentioned.
If you have these All-In-One devices connected to your network, it looks like it's time to segregate them into their own firewalled sub-LAN and add some network monitoring to that new sub-LAN. Do this very soon as this attack was just unveiled last week at Defcon in Las Vegas and attackers are likely to start exploiting it on a massive scale any minute now.
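As a sketch of the monitoring half of that advice, the following added example (not from the original article) scans flow records for connections that an All-In-One device starts toward anything outside a short allow-list. The subnet addresses, allow-list entries, and log format are all assumptions made for illustration.

```python
import ipaddress

# Assumed (hypothetical) addressing: the new All-In-One sub-LAN and the internal range.
MFP_NET = ipaddress.ip_network("10.20.30.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
# Flows the devices are expected to initiate: (dst ip, protocol, dst port).
ALLOWED = {
    ("10.0.5.25", "tcp", 25),  # scan-to-email relay (assumed)
    ("10.0.5.53", "udp", 53),  # DNS resolver (assumed)
}

# Constructed sample records: "timestamp initiator destination proto dport action".
SAMPLE_FLOWS = """\
2018-08-20T09:00:01 10.0.1.15 10.20.30.10 tcp 9100 allow
2018-08-20T09:00:07 10.20.30.10 10.0.5.25 tcp 25 allow
2018-08-20T09:02:11 10.20.30.10 10.0.1.15 tcp 445 deny
2018-08-20T09:02:40 10.20.30.11 10.0.5.53 udp 53 allow
2018-08-20T09:03:02 10.20.30.10 203.0.113.7 tcp 443 allow
malformed line
"""

def parse_flow(line):
    """Return a flow dict, or None if the line is not a valid record."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, proto, dport, action = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst), "proto": proto,
                "dport": int(dport), "action": action}
    except ValueError:
        return None

def suspicious_flows(log_text):
    """Flag flows initiated from the MFP sub-LAN that are not on the allow-list."""
    alerts = []
    for line in log_text.splitlines():
        f = parse_flow(line)
        if f is None or f["src"] not in MFP_NET or f["dst"] in MFP_NET:
            continue  # unparsable, not MFP-initiated, or stays inside the sub-LAN
        if (str(f["dst"]), f["proto"], f["dport"]) in ALLOWED:
            continue
        scope = "internal LAN" if f["dst"] in INTERNAL else "external host"
        alerts.append((f["ts"], str(f["src"]), str(f["dst"]), f["dport"], scope))
    return alerts

if __name__ == "__main__":
    print(*suspicious_flows(SAMPLE_FLOWS), sep="\n")
```

Inbound print jobs and the allow-listed mail and DNS flows pass silently; anything else the device initiates is reported, including attempts the firewall already denied.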