For most organizations, a cyber attack is no longer an “if” but a “when.” These attacks span every industry and every business size around the world, and hackers are using a new entry point into corporate networks: connected printers. In a February 2019 study by Quocirca Global Print Security, 11 percent of security incidents reported by organizations over the past year were print security breaches. Spiceworks also found that only 22 percent of organizations monitor printer syslogs and just 13 percent connect printers to SIEM tools. On top of that, the Quocirca Global Print Security study revealed 59 percent of organizations reported an incident of print-related data loss in the past year.
With news of security breaches in the headlines weekly, if not daily, companies are increasingly aware of the risks and the critical importance of taking preventative measures.
Here, we’ve summarized what can happen when hackers take advantage of under-secured or overlooked devices, such as printers. These examples of print security breaches are from publicly available news articles collected from the internet in April 2019.
Multi-function printers give access to the entire network
During an internal network penetration test, a security firm was able to utilize the printers’ TCP/IP port to gain access to secure network segments otherwise locked out by access-control lists. The port was connected to the local switch that was left openly configured to access all network VLANs and subnets.
“We’ve compromised a number of companies using printers as our initial foothold; we move laterally from the printer, find Active Directory, query it with an account from the printer and bingo, we hit GOLD,” as Peter Kim writes in The Hacker Playbook: Practical Guide to Penetration Testing.
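The misconfiguration in this test, a printer's switch port able to reach every VLAN, can be found by auditing switch configuration. The following is an added example, not code from the article or the security firm; the IOS-style sample config, the "PRINTER" description convention and printer VLAN 40 are assumptions made for illustration.

```python
import re
# Constructed IOS-style switch config (sample data, not from the article).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/10
 description PRINTER 3F-MFP
 switchport mode trunk
interface GigabitEthernet1/0/11
 description PRINTER 2F-LASER
 switchport mode access
 switchport access vlan 40
interface GigabitEthernet1/0/12
 description PRINTER LOBBY
 switchport mode trunk
 switchport trunk allowed vlan 40,50-51
interface GigabitEthernet1/0/24
 description UPLINK core-sw1
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map each interface name to its list of stripped sub-commands."""
    blocks = re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M)
    return {name: [l.strip() for l in body.splitlines()] for name, body in blocks}

def reachable_vlans(cmds):
    """VLAN ids a port can carry, or 'all' for an unrestricted trunk."""
    joined = "\n".join(cmds)
    if "switchport mode access" in cmds:
        m = re.search(r"^switchport access vlan (\d+)$", joined, re.M)
        return {int(m.group(1))} if m else {1}  # VLAN 1 is the IOS default
    m = re.search(r"^switchport trunk allowed vlan ([\d,-]+)$", joined, re.M)
    if not m:
        return "all"  # assumption: no numeric allow-list means every VLAN
    vlans = set()
    for part in m.group(1).split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_printer_ports(config, printer_vlans=frozenset({40})):
    """Flag PRINTER-described ports that reach VLANs beyond printer_vlans."""
    out = {}
    for name, cmds in parse_interfaces(config).items():
        if any(c.upper().startswith("DESCRIPTION PRINTER") for c in cmds):
            vlans = reachable_vlans(cmds)
            extra = "all" if vlans == "all" else sorted(vlans - printer_vlans)
            if extra:
                out[name] = extra
    return out
```

On the sample, the unrestricted trunk on port 10 and the extra VLANs 50 and 51 on port 12 are reported, while the access port pinned to VLAN 40 and the uplink are not.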
Using printer hacks for propaganda
In a hotly contested race for views, a fan of YouTube personality PewDiePie used printers to try to overtake the viewing numbers of PewDiePie’s rival, T-Series. Accessing and exploiting over 50,000 printers through open internet connections, the fan printed flyers encouraging people to subscribe to the YouTuber. The fan included a public service announcement on the flyer acknowledging the breach: “Protip: Your printer is exposed to the internet. Please fix that.”
The Norwegian parliament uncovers the vulnerability of their printers
After alleged Russian interference at the Storting, Norway’s Parliament building, a security review revealed that unsecured printers could be used as a bridge between networks. As a result, several printers were marked with notes saying, “Not to be used—very important,” until the at-risk printers could be replaced.
Open-source remote access protocols leave 3D printers open to attack
The security of nearly 3,800 3D printers was compromised late last year, affecting multiple global operations. Security was so lax that literally anyone online could have hacked them. How? Through OctoPrint, a commonly used open-source interface that enables remote access to print stations.
The convenient, open-source OctoPrint interface had no password authentication deployed, so anyone online could access it. Through it, attackers could:
View printer webcams and download 3D models.
Gain access to the files of 3D models of unreleased products containing proprietary information.
Reflash the device’s firmware or modify the printer settings to damage the printer or potentially cause a fire.
Tools like Shodan, a search engine for internet-connected devices, make it easy for cyber attackers to find and breach unsecured printers. Printers configured for open internet access (without authentication) are easily discovered, making them vulnerable to a print security breach by expert and entry-level hackers alike.
Using fax machines to access networks fraudulently
According to researchers at Check Point Software Technologies, cybercriminals can hack company networks and steal sensitive files by exploiting vulnerabilities in multifunction printers (MFPs). The researchers took over an MFP by faxing it malicious code disguised as an image file, then infiltrated the company network through the device.
Millions of fax machines are still in use, especially in the medical sector. To avoid exposure to a print security breach, companies must keep highly sensitive files in sub-networks, separate from their network MFPs.
Exposed printers hacked for a benign publicity stunt
Users at Skillbox, an online training site, accessed printers to output promotional flyers for a design course. After using Shodan to discover the internet-connected devices, they sent a print job to port 9100, which the exposed printers left open. Although the hackers used printer vulnerabilities purely for self-promotion in this case, the incident highlights how easily such hacks can happen, and the importance of configuring printers for security.
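Printers reachable from the internet on port 9100, as in this incident and the Shodan-discoverable devices described earlier, show up in perimeter firewall logs. The following added example (not from the article) flags allowed inbound print traffic from outside the organization; the key=value log format, the sample lines and the internal address ranges are constructed assumptions, and ports 515 (LPD) and 631 (IPP) are included alongside the article's 9100.

```python
import ipaddress
import re

# Print services: 9100 raw printing (named in the article), 515 LPD, 631 IPP.
PRINT_PORTS = {9100: "raw-9100", 515: "lpd", 631: "ipp"}
# Assumed internal address space (RFC 1918 ranges).
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall log lines in an assumed key=value format (sample data).
SAMPLE_LOG = """\
2019-04-02T09:14:07Z action=allow src=203.0.113.45 dst=10.20.4.17 dport=9100
2019-04-02T09:14:09Z action=allow src=10.20.1.8 dst=10.20.4.17 dport=9100
2019-04-02T09:15:30Z action=deny src=198.51.100.7 dst=10.20.4.18 dport=631
2019-04-02T09:16:02Z action=allow src=203.0.113.45 dst=10.20.4.17 dport=443
2019-04-02T09:17:44Z action=allow src=198.51.100.7 dst=10.20.4.19 dport=515
2019-04-02T09:18:00Z action=allow src=not-an-ip dst=10.20.4.19 dport=9100
"""


def is_internal(addr):
    """True if addr falls inside one of the INTERNAL networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)


def exposed_printers(log):
    """Return {printer ip: {service: {external sources}}} for allowed inbound print traffic."""
    hits = {}
    for line in log.splitlines():
        f = dict(re.findall(r"(\w+)=(\S+)", line))
        try:
            port = int(f["dport"])
            inbound = not is_internal(f["src"]) and is_internal(f["dst"])
        except (KeyError, ValueError):
            continue  # skip malformed or incomplete lines
        if f.get("action") == "allow" and port in PRINT_PORTS and inbound:
            services = hits.setdefault(f["dst"], {})
            services.setdefault(PRINT_PORTS[port], set()).add(f["src"])
    return hits
```

Any printer address this returns is one that an external host was allowed to reach on a print port, so it is a candidate for a firewall rule change or for moving the device behind a print server.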
In today’s cyberthreat landscape, taking the right steps to secure your print fleet is more important than ever. Outsourcing the security management of print fleets to a managed print services provider can help keep devices configured and maintained to your company’s security policies. By getting help, you can be more confident, after the next breach happens, that you have reduced your risk by closing print security gaps.