COPIERS & PRINTERS: AN OVERLOOKED NETWORK SECURITY RISK
Why are copy and print devices overlooked in so many IT security strategies, despite clear evidence that they are an easy target for cyber criminals?
Print devices are not getting enough attention in enterprise IT security strategy.
High-tech, low priority.
Today’s modern print devices are sophisticated, vulnerable pieces of network technology. For example, printers are similar to IoT devices with built-in proprietary software; they are intelligent, programmable, and internet-connected. Multi-function print devices use powerful capabilities to process and transmit data, as well as scan to USB and email. In addition, today’s print devices are built with connectivity functionality such as remote management and smart application access. They are often connected across multiple network subnets with varying trust levels, making them a viable route for hackers to move laterally through a corporate network. Each print device comes with its own set of proprietary software that must be configured, patched, updated, and monitored. Like other providers of software and proprietary systems such as IoT devices, the print device manufacturer has the responsibility to patch and provide security features such as malware detection.
Also, IoT manufacturers often lag in incorporating security features. As described above, there are numerous ways that attackers take advantage of vulnerabilities, especially in off-the-shelf devices, making it critical for enterprises to take printer security seriously. So, why are these sophisticated pieces of technology overlooked? A significant part of the issue is a general lack of IT visibility and/or a lack of risk prioritization. For example, print devices are often installed, managed, and/or connected to the network by individual business teams in a very decentralized manner; thus, the enterprise has zero visibility. Or print devices are deployed by facility and procurement departments as a continuation of legacy processes established originally for copiers and fax machines. Often, IT has no knowledge of these print devices, meaning their configuration management database of devices on the network is outdated and incomplete. This is the case for 55% of companies, according to HP security risk assessments.
Another reason print devices are overlooked: Companies think existing protections like firewalls are sufficient. However, in its threat investigations, SonicWall found cyber criminals are using malicious PDF and Office files to get around these security controls—to greater effect. That’s because it takes only one user sending a print job that contains a weaponized PostScript file to initiate a stealth attack. In addition, it’s common for the IT staff to neglect print devices due to the sheer volume of devices across the enterprise. The typical organization has deployed multiple print device brands, each with its own set of proprietary software to configure, patch, update, and monitor. For example, a multi-function print device can have up to 250 security settings that must be configured. The Spiceworks survey found that many IT departments simply don’t have the time and knowledge to keep up.
The writing is on the wall: As an endpoint device attached to the network, the print device is a significant security risk.
Just like IoT sensors, today’s modern, intelligent, programmable print devices are routinely connected to the internet and the corporate network—in turn expanding the enterprise cyber attack surface.
Whether you secure them or not, printers are a target.
Even more so than a PC, a print device can be an easy target for cyber criminals to gain access to the network. Many enterprise printers are not hardened, have no access controls or authentication policies in place, don’t use encryption, and/or are running outdated firmware, based on HP Security Advisory Service risk assessments. Hackers look for these under-secured, unmonitored endpoints to gain entry to the network.
By infecting a print device, hackers can then move laterally through a network and cause damage while they remain hidden. “We’ve compromised a number of companies using printers as our initial foothold. We’ve moved laterally from the printer, find the Active Directory, query it with an account from the printer and bingo, we hit gold,” writes Peter Kim in his book The Hacker Playbook 2: Practical Guide to Penetration Testing. How do hackers exploit vulnerabilities and gain entry to print devices? There are several methods:
- Remote Attacks: The hacker runs code via a multi-function print device’s telephone line. Or they send weaponized PostScript or Office files as a phishing attempt. These strategies bypass firewalls and can be used to then move across the network for further exploits.
- Physical Attacks: The attacker physically plugs a USB drive into the print device. If this maneuver is not discovered, the criminal can move through the network to exfiltrate sensitive data.
- Wireless Hacking: A smartphone with stolen credentials can send malware to local printers. Taking it a step further, Singapore researchers attached a mobile phone to a drone, and then demonstrated how the device could intercept data to or from an open, wireless print device.
- Use of Hacking Tools: Tools such as Metasploit or Mimikatz allow hackers to scan the printer and local subnets for data such as user information and admin credentials that can provide access to different networks.
- Exploit Old Protocols: Hackers can gain entry by exploiting old protocols or system services, which are typically available on printers, to run malware.
- Take Advantage of Misconfigured Devices: Would-be attackers won’t think twice about taking advantage of misconfigured devices, especially those set up with default accounts or passwords.
5 Steps To Print Device Security
There’s a better way to ensure print device security, including starting with an assessment and looking to your managed print services (MPS) provider to take on IT security tasks. Print devices must become part of the organization’s overall IT security strategy. To that end, analyst firm Quocirca offers some of the following recommendations:
Assess security and risk
Buy with security in mind
Strengthen printer use & maintenance
National Institute of Standards and Technology. Use encryption services and protocols to ensure secure transfer of print jobs. Also, consider automating the process of firmware updates for easier management.
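For the assessment step, the weaknesses this article names (devices missing from the configuration management database, default passwords, unencrypted print jobs, old protocols, outdated firmware, and devices spanning several subnets) can be checked against a discovered inventory. The script below is an added example, not part of the original article or of any vendor tool; the inventory fields, serial numbers, model names, and firmware baselines are constructed assumptions.

```python
# Added example: constructed inventory data; every field name and value is an assumption.
CMDB_SERIALS = {"PRN-0001", "PRN-0002"}                     # devices IT knows about
MIN_FIRMWARE = {"ModelA": (4, 2, 0), "ModelB": (2, 0, 5)}   # hypothetical patch baseline
LEGACY_SERVICES = {"telnet", "ftp", "snmpv1", "http"}       # unencrypted management/transfer

DISCOVERED = [  # what a network discovery sweep might return (constructed)
    {"serial": "PRN-0001", "model": "ModelA", "firmware": "4.2.1",
     "services": ["ipps", "https"], "default_admin_password": False,
     "job_encryption": True, "subnets": ["10.0.10.0/24"]},
    {"serial": "PRN-0002", "model": "ModelB", "firmware": "1.9.3",
     "services": ["ipp", "telnet", "ftp"], "default_admin_password": True,
     "job_encryption": False, "subnets": ["10.0.10.0/24", "10.0.50.0/24"]},
    {"serial": "PRN-0099", "model": "ModelC", "firmware": "1.0.0",
     "services": ["https"], "job_encryption": True, "subnets": ["10.0.20.0/24"]},
]

def parse_version(text):
    """'4.2.1' -> (4, 2, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def audit_device(dev, cmdb=CMDB_SERIALS, baseline=MIN_FIRMWARE):
    """Return hardening findings for one device; a missing field counts as insecure."""
    findings = []
    if dev["serial"] not in cmdb:
        findings.append("not-in-cmdb")
    if dev.get("default_admin_password", True):
        findings.append("default-credentials")
    if not dev.get("job_encryption", False):
        findings.append("unencrypted-print-jobs")
    legacy = sorted(LEGACY_SERVICES & set(dev.get("services", [])))
    if legacy:
        findings.append("legacy-services:" + ",".join(legacy))
    minimum = baseline.get(dev["model"])
    if minimum is None:
        findings.append("no-firmware-baseline")
    elif parse_version(dev["firmware"]) < minimum:
        findings.append("outdated-firmware")
    if len(dev.get("subnets", [])) > 1:
        findings.append("multi-subnet")
    return findings

def audit(devices):
    """Map serial -> findings, worst devices first."""
    report = {dev["serial"]: audit_device(dev) for dev in devices}
    return dict(sorted(report.items(), key=lambda item: -len(item[1])))

if __name__ == "__main__":
    for serial, findings in audit(DISCOVERED).items():
        print(serial, findings or "ok")
```

A device that does not report a setting is treated as failing that check, so an unmanaged printer surfaces at the top of the report instead of passing silently.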