Saturday, April 8, 2023

You Need To Pay Attention To Printer Security - Must Read

 



Given the fact that now pretty much everybody uses the Cloud in some form or another, we tend to forget the good ole days of the hardware aspects of it all.  For example, we no longer have to deal with workstations or portable media devices, everything is a Cloud based instance. 

But there is one thing that we still take for granted, and even forget about as we go about our daily work activities.

That is the printer.  They come in all forms and sizes, and even range in complexity if it is an office based one.  With these, not only can you print, but you can also scan, send email attachments, send faxes, make phone calls, etc.  But because of all of this, this hardware has become a prized target for the Cyberattacker. 

Of course, there are probably many backdoors with these ultra sophisticated office printers, but even some of the most basic ones have become a target.

Look at some of these latest hacks which have happened:

*Lexmark:

https://www.darkreading.com/cloud/critical-rce-lexmark-printer-bug-has-public-exploit

*HP:

https://support.hp.com/us-en/document/ish_7905330-7905358-16/hpsbpi03838

*Microsoft:

https://www.cisa.gov/news-events/bulletins/sb23-052

*Canon and Lexmark:

https://www.darkreading.com/application-security/hackers-score-nearly-1-million-at-device-focused-pwn2own-contest

You can click on the above-mentioned links to get more details about these Cyberhacks that have happened to these major printer vendors. 

The printer is often forgotten about piece in the IT/Network Infrastructure, and this is further exemplified according to a research project that was conducted by an organization known as Quocirca.  Their report is entitled  the "Global Print Security Landscape Report 2022.”  It can be downloaded at this link:

https://quocirca.com/quocirca-print-security-landscape-2022-press-release/

Here is what the survey found:

*Only 26% of the total respondents actually feel confident that their printers and other associated hardware are actually safe from a Cyber-attack;

*Almost 60% of the CISOs polled could not keep not with the just latest advances in printer technology, but also in terms of keeping up with the latest firmware/software patches and upgrades, because it has been such a low priority for them;

*67% of respondents feared that the home printers being used for WFH purposes will bring further risk to the business;

*Only 38% if the businesses polled have some sort of analytics dashboard in place to detect any abnormal or suspicious behavior to their printers;

*But the good news is that almost 70% of the respondents plan to increase Cyber spending for their networked office printers in 2023.

All of this is illustrated in the diagram below:


(SOURCE:  https://www.darkreading.com/vulnerabilities-threats/printers-pose-persistent-yet-overlooked-threat)

You may be asking at this point, why are printers so ignored when it comes to security?  The bottom line is that nobody wants to deal with them.  Once they are procured and installed at a place of business, people just don’t want to mess with them because they are viewed as being too complex to configure again if something goes wrong with it. 

They leave all of that to the maintenance person from the vendor who makes their periodic visits to the place of business.

The main issue also is that printers (especially the office ones) are just about bad to network together as are servers, especially if you are dealing with an On Prem Infrastructure.  Unlike a home printer, these ultra fancy printers have to be networked not only with other printers, but with all of the other servers as well. 

All of this can lead to an even further complex environment, which in the end only increases the attack surface for the hacker to penetrate into.

Also, since printers are very often overlooked (because of the previously mentioned reasons), this is a favorite hiding place as well for the Cyberattacker to hang out going undetected.  Once they have established the entire lay of the land with respect to the IT and Network Infrastructure, they can then move in a lateral fashion to deploy their malicious payloads.

In fact, an office printer would be the perfect vehicle for a Cyberattacker from which to exfiltrate private information and data as well.  Keep in mind that these super sophisticated printers retain a huge amount of memory after they have been used. 

For example, if you scanned a document in, and emailed to a particular recipient, the image of that document still remains for a very long period of time, until it is purged from the system.

The same holds true for doing photocopying.  All images are also stored theoretically indefinitely, until it is erased.  Not many people are aware of this, and the Cyberattacker knows this very well.  This is yet another reason why printers are such a favored target.

Another key area of weakness is that of the Remote Workforce.  For example, if somebody works from home, they can still very easily send that document to print from the actual physical location of the business.  This poses yet another area of risk, which is the intermingling of both the home and corporate networks.  This was an issue that became very stark at the advent of the COVID-19 pandemic, and even to this day, I don’t think it has been totally resolved.

My Thoughts On This:

The office printer is an item that must be included in every Risk Assessment that your company does.  Btu what makes this more complex is that it can be considered both a tangible and a digital asset.  But whatever it may be in the end, it needs to be protected.

Also, make sure that your IT Security team is aware of all of the software patches and upgrades that need to be deployed onto your printers.  It should be part of a regular schedule as anything else is in your IT/Network Infrastructure. 

Also, consider having the vendor come out your place of business to give security awareness training to the employees in your company.  After all, they need to learn how to use these pieces of equipment while also keeping up a strong level of Cyber Hygiene.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...