Given the fact that now pretty much everybody uses the Cloud in some form or another, we tend to forget the good ole days of the hardware aspects of it all. For example, we no longer have to deal with workstations or portable media devices, everything is a Cloud based instance.
But there is one thing that we still take for granted, and
even forget about as we go about our daily work activities.
That is the printer.
They come in all forms and sizes, and even range in complexity if it is
an office based one. With these, not only
can you print, but you can also scan, send email attachments, send faxes, make
phone calls, etc. But because of all of
this, this hardware has become a prized target for the Cyberattacker.
Of course, there are probably many backdoors with these
ultra sophisticated office printers, but even some of the most basic ones have
become a target.
Look at some of these latest hacks which have happened:
*Lexmark:
https://www.darkreading.com/cloud/critical-rce-lexmark-printer-bug-has-public-exploit
*HP:
https://support.hp.com/us-en/document/ish_7905330-7905358-16/hpsbpi03838
*Microsoft:
https://www.cisa.gov/news-events/bulletins/sb23-052
*Canon and Lexmark:
You can click on the above-mentioned links to get more
details about these Cyberhacks that have happened to these major printer
vendors.
The printer is often forgotten about piece in the IT/Network
Infrastructure, and this is further exemplified according to a research project
that was conducted by an organization known as Quocirca. Their report is entitled the
"Global Print Security Landscape Report 2022.” It can be downloaded at this link:
https://quocirca.com/quocirca-print-security-landscape-2022-press-release/
Here is what the survey found:
*Only 26% of the total respondents actually feel confident
that their printers and other associated hardware are actually safe from a Cyber-attack;
*Almost 60% of the CISOs polled could not keep not with the just
latest advances in printer technology, but also in terms of keeping up with the
latest firmware/software patches and upgrades, because it has been such a low
priority for them;
*67% of respondents feared that the home printers being used
for WFH purposes will bring further risk to the business;
*Only 38% if the businesses polled have some sort of
analytics dashboard in place to detect any abnormal or suspicious behavior to
their printers;
*But the good news is that almost 70% of the respondents
plan to increase Cyber spending for their networked office printers in 2023.
All of this is illustrated in the diagram below:
(SOURCE: https://www.darkreading.com/vulnerabilities-threats/printers-pose-persistent-yet-overlooked-threat)
You may be asking at this point, why are printers so ignored
when it comes to security? The bottom
line is that nobody wants to deal with them.
Once they are procured and installed at a place of business, people just
don’t want to mess with them because they are viewed as being too complex to configure
again if something goes wrong with it.
They leave all of that to the maintenance person from the vendor
who makes their periodic visits to the place of business.
The main issue also is that printers (especially the office
ones) are just about bad to network together as are servers, especially if you
are dealing with an On Prem Infrastructure.
Unlike a home printer, these ultra fancy printers have to be networked
not only with other printers, but with all of the other servers as well.
All of this can lead to an even further complex environment,
which in the end only increases the attack surface for the hacker to penetrate
into.
Also, since printers are very often overlooked (because of
the previously mentioned reasons), this is a favorite hiding place as well for
the Cyberattacker to hang out going undetected.
Once they have established the entire lay of the land with respect to the
IT and Network Infrastructure, they can then move in a lateral fashion to
deploy their malicious payloads.
In fact, an office printer would be the perfect vehicle for
a Cyberattacker from which to exfiltrate private information and data as well. Keep in mind that these super sophisticated
printers retain a huge amount of memory after they have been used.
For example, if you scanned a document in, and emailed to a
particular recipient, the image of that document still remains for a very long
period of time, until it is purged from the system.
The same holds true for doing photocopying. All images are also stored theoretically indefinitely,
until it is erased. Not many people are
aware of this, and the Cyberattacker knows this very well. This is yet another reason why printers are
such a favored target.
Another key area of weakness is that of the Remote Workforce. For example, if somebody works from home,
they can still very easily send that document to print from the actual physical
location of the business. This poses yet
another area of risk, which is the intermingling of both the home and corporate
networks. This was an issue that became
very stark at the advent of the COVID-19 pandemic, and even to this day, I don’t
think it has been totally resolved.
My Thoughts On This:
The office printer is an item that must be included in every
Risk Assessment that your company does. Btu
what makes this more complex is that it can be considered both a tangible and a
digital asset. But whatever it may be in
the end, it needs to be protected.
Also, make sure that your IT Security team is aware of all
of the software patches and upgrades that need to be deployed onto your printers. It should be part of a regular schedule as
anything else is in your IT/Network Infrastructure.
Also, consider having the vendor come out your place of business to give security awareness training to the employees in your company. After all, they need to learn how to use these pieces of equipment while also keeping up a strong level of Cyber Hygiene.
No comments:
Post a Comment