Most recent

Working with Our Partners to Mitigate the Faxploit Threat

By Eitan Bremler

At Safe-T, we’ve been delivering innovative, award-winning solutions based on our Software Defined Access solution for years. Part of the value we offer is in accelerating ROI by enabling customers to plug-in solutions from third-party security vendors, enhancing existing protections. We work closely with industry leaders like Check Point to enable this kind of capability. So we were keen to continue in this vein when Check Point itself recently released produced research highlighting a new threat vector in the common fax protocol.

Safe-T’s solution for fax services mitigates the “Faxploit” threat while adding a range of security and compliance benefits.

The value of partnerships

Safe-T’s flagship Software Defined Access solution leverages the SecureStream policy and workflow enforcement engine to broker traffic to third-party security solutions including Data Loss Prevention (DLP), SandBox, Anti-malware and Identity and Access Management (IAM) tools. We work closely with some of the most innovative technology firms in the world to make this happen, including Check Point.

Our work with Check Point has already seen us produce a joint solution integrating Safe-T’s Software Defined Access offering with Check Point’s SandBlast Zero-Day Protection. It means any file entering the organization from any source can be scanned for a comprehensive range of threats, including new and unknown malware, before being sent on to any destination.

The Faxploit threat

Our latest offering also allows customers to integrate patented Safe-T technology with third-party solutions — this time to shut down the risk of threats entering the organization via fax.

Now, the fax might not sound like a particularly major threat to the typical organization, but Check Point recently discovered two new vulnerabilities in a common fax protocol (ITU T.30), which if leveraged could allow an attacker to gain control of a targeted machine. By sending a file containing a maliciously crafted image to the fax, an attacker could exploit the two buffer overflow flaws (CVE-2018-5924 and CVE-2018-5925) to gain remote code execution rights. This would then allow them to download additional tools to infiltrate the corporate network, including the notorious EternalBlue exploit.

The hacker only needs the target machine’s fax number to begin the attack, and because security software typically doesn’t scan incoming faxes for malware, it could leave organizations wide open.

A new approach

Safe-T has an innovative answer. Our unique new fax security solution allows users to send and receive faxes via an easy-to-deploy Outlook plug-in, with traffic routed through our Software Defined Access components and third-party fax-to-IP, DLP, and SandBox solutions like Check Point SandBlast, and FAXSIPIT, to convert faxes to emails, and scan them for threats. This means malware transmitted via fax messages is stopped before it arrives at the endpoint, sensitive data is not allowed to leave the organization via fax, and faxes can even be sent securely using AES-256 and other encryption standards.

Using a newly released joint solution between Safe-T, FAXSIPIT, and Check Point, it is now possible to implement an email-to-fax and fax-to-email solution, adding security to an existing fax deployment. The joint solution works by converting standard fax deployment, to a fax to email (incoming fax) or email to fax (outgoing fax) and then passes the EML to be scanned by the Check Point SandBlast and DLP before continuing the flow.

By deploying this solution, you can now replace your legacy fax with the secure fax-to-email service in order to remove the threat of faxploits as well as prevent malware entering the organization over IP fax services.

Safe-T’s Software Defined Access platform leverages our patented Reverse Access technology. This dual-server system allows traffic to pass securely between networks without the need to open any ports within the internal firewall, ensuring only legitimate session data can pass through. 

With this solution, organizations can, for the first time, create information security policies to mitigate potential cybersecurity threats entering the organization via fax. And it will help you comply with a range of regulations including FISMA, HIPAA, PCI-DSS, and GDPR.

If you’re still wondering how big a threat this could be, fax machines are surprisingly commonplace in a variety of sectors, including government and legal. In fact, figures cited by Check Point estimate that there are over 46 million faxes still in operation around the world, including 17 million in the US alone. That’s why we’re pleased to be bringing the best of Safe-T innovation and combining it with expertise from our partners to offer yet another win-win for our global customers.

Software Defined Access WP

All posts