Printers: The Weak Link in Enterprise Security

  /     /     /  
Publicated : 22/11/2024   Category : security


Printers: The Weak Link in Enterprise Security


Organizations frequently overlook printer security, leaving systems exposed to malware and theft. New tools aim to lessen the risk.



PC security has become a priority for security leaders following global ransomware attacks earlier this year. If they didnt before, everyone from CISOs to everyday consumers knows its a bad idea to ignore security updates or use simple, breakable passwords.
This heightened awareness does not extend to printers, however, and hackers are exploiting poor printer security practices.
Unlike PCs, where theres a full appreciation for the need to secure those devices, theres much less awareness to the need to secure print devices, says Ed Wingate, VP and GM for HPs JetAdvantage Solutions, noting that strong security practices for protecting PCs and other nodes on the network are not consistently deployed to printers.
Weak link in the IoT
Sam McLane, who runs the security engineering team at Arctic Wolf, says he is far less concerned about
todays
printers than about
yesterdays
printers. Many organizations, especially smaller ones, use printers around five to eight years old, and havent updated them.
Printers, specifically, have a much longer shelf life than any of the other IoT devices, and they were the earliest of the adopted devices, he explains. People will run them into the ground and then some before they start replacing them.
This poses an especially big problem to small offices using consumer-grade devices, McLane continues. SMBs dont have the need or budget for high-end enterprise level printers, and make the mistake of sending corporate data into the cloud with lower levels of protection on a device meant to be in someones house and not necessarily in a corporate environment.
Someone could get into a computer via malware; printers advertise themselves well, says McLane. If a laptop or desktop gets compromised, a printer is a great spot to put malicious code that everyone talks to … its a built-in platform to launch attacks.
Common printer slip-ups
Most frequent mistakes include employing weak or default passwords, and neglecting to update firmware. Printers are not always updated with the latest firmware, HPs Wingate adds. In fact, we see heavy use of old firmware with printers, some with known vulnerabilities that are not being patched to the latest version. That represents an opportunity for hackers to come in.
Mismanagement of printer settings and ports leaves the door wide open for remote entry onto devices and into corporate infrastructure, he continues. Lack of active monitoring for printers also leaves businesses vulnerable to unauthenticated actors.
When overlooked, these errors can put full organizations at risk. Earlier this month, security researcher Ankit Anubhav
found
nearly 700 Brother printers exposed online, granting full access to their administration panels over the Internet. Devices on university, corporate, and government networks could be found via IoT search engines like Shodan and Censys.
One of the factors behind this exposure was the decision to ship printers with no administrative password. Researchers believe most businesses likely connected vulnerable machines to their networks without recognizing their administrative panel was exposed.
Vendor responsibility
As Wingate points out, its not enough to simply protect a network from initial penetration. Firewalls are helpful but not sufficient, he explains. CISOs must assume their network has already been breached and ensure there is no lateral attack on the network.
What weve discovered in our research is that certain malware packets are able to enter the network by being sufficiently small and low profile - effectively entering under the radar, he explains. Once inside, it needs to contact the master command-and-control server to know what to do next. The way it does this is characteristic of that type of malware attack.
HP is addressing modern printer risks like this with a tool called Connection Inspector, which analyzes outbound network connections typically targeted by malware. It detects anomalous behavior and, if necessary, triggers a reboot to go back to a known version of the BIOs. This accelerates response speed, Wingate says, which is important given the security skills gap.
If you have a human in the loop, who needs to be notified that theres a malware penetration, and he or she delays the response on solving the issue that undermines the security of the entire network, he explains.
Other new tools aim to improve security amid cloud growth and the rise of remote work. HP Roam, a Pull Print solution built in the cloud, lets mobile workers hand off documents and print them, then erases the job off the printer once the job is complete.
Whether its a sales rep in the field, an insurance agent, or any other road warrior in the field, they sometimes must print, says Wingate. And if theyre not at home, and theyre rarely at the office, where do they securely print? They dont securely print.
[Hear Arctic Wolfs Sam McLane discuss
Targeted Attacks: How to Recognize Them From the Defenders Point of View
at the INSecurity conference at National Harbor, Md., on Wed., Nov. 29. Register 
here
.]
Related Content:
Getting the Most Out of Cyber Threat Intelligence
10 Major Cloud Storage Security Slip-Ups (So Far) this Year
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
IoT: Insecurity of Things or Internet of Threats?
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity
agenda here
.

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Printers: The Weak Link in Enterprise Security