FROM THE FRONTLINES : A CISO’s VIEW OF PACIFIC RIM - PART 2
Follow these best practices to avoid the security holes created by these often-overlooked, but ubiquitous, devices.
In February 2017, the FBI reported that a hacker using the alias Stackoverflowin compromised over 160,000 printers by scanning for printers open on ports 515, 631, and 9100. Stackoverflowin sent print jobs to the affected printers, demonstrating the ease with which these devices could be exploited.
Often overlooked as an Internet of Things (IoT) device, printers offer promiscuous connectivity, serving as easy access points with a massive network footprint. Most printers are simply plugged into the network, which allows anyone with network access to connect and upload malware to them. With so many access points, including Wi-Fi Direct, Ethernet, Wi-Fi 5 GHz, Wi-Fi 2.4 GHz, and Bluetooth, bad actors can easily access any network and gain control of valuable data.
Printers are like a premium Swiss cheese — the highest quality, but full of holes. Many of these machines last 20 to 30 years, and, as a result, their security is overlooked because of their durability. Once a printer has passed the 20-year mark, there are no longer any effective security updates. At that point, it is time to ask: Is durability worth the risk?
For many organizations, the printer offers an easy way in for an attacker. Once bad actors get a foothold on the device, malware can be installed, then used to attack the rest of the network. While there are dozens of known exploits for printers, there are also a lot of devices for IT teams to manage. Thus, IT teams are often overwhelmed by device management and overlook printers. Furthermore, large commercial printers are often managed by other teams, such as facilities management or third-party vendors, leaving enterprises wondering who is responsible for printer security or, even worse, who is accountable when devices are hacked.
After reviewing more than 1 million IoT devices, 20% of which were printers, I found that very few printers had passwords. On top of that, none of them had up-to-date firmware. All of them, therefore, are vulnerable to potential attacks. Follow these best practices to keep printers safe from unauthorized access, network pivots, east-west navigation across multiple network interfaces, data theft, and eavesdropping.
Monthly password rotation: Printers rarely have passwords set. This is an obvious first step in protecting any device, but it is often overlooked. Organizations should always assume a printer is not password-protected and take action themselves. Once a strong password has been created, it should be reset at least once per month, to reduce the risk of a credential-stuffing attack.
Keep firmware up to date: Just like other IoT devices, printers need regular updates and patches. Include every printer and network device in regular patch management and check them for firmware updates. Firmware updates can add security features, patch security holes, and fix other issues, and they are issued regularly. For example, HP sends out 10 or more firmware updates each day!
Secure printing ports: An easy way for hackers to gain access to a company's printer is through an insecure port. If possible, consider disabling certain network ports that are vulnerable to exploitation such as 515, 631 (IPP port), 9100, and Server Message Block protocol, among others. Use the IPPS protocol via SSL port 443 instead.
Data protection: Commercial and multifunction printers may retain data from print jobs, exposing an organization to a data breach if the device is compromised. For this reason, companies should encrypt the printer hard drive and/or regularly erase any data that may be temporarily stored. In some instances, printers may have an auto-erase feature available. All enterprises should have a process in place to make sure the printer isn't storing unencrypted data.
Access control: Only authorized employees should have access to a networked printer, and remote access should be disabled. In large enterprises, it is also advisable to segment printers based on the level of sensitive data that will be processed, since some of this may be retained as temporary data.
Monitor for vulnerabilities: New vulnerabilities are released every week, and it's important for businesses to monitor for any software or firmware vulnerabilities that affect their specific model of printer. If patches aren't available, the organization should consider disconnecting these devices from the network.
Firewall: Although firewalls are not a bulletproof solution, they are another layer of security that should be incorporated into these devices.
Know when it's time to say goodbye: Organizations should never use a printer past its end-of-service date. Once a printer is no longer eligible for customer support or firmware updates, it's too insecure and should be discarded.
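As an added example that is not part of the original article, the following audit turns the checklist above into a per-device compliance report. The Printer record layout, the inventory values and the fixed audit date are constructed for illustration, not taken from any vendor or product.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Ports the article recommends closing where possible: LPD, cleartext IPP, raw/JetDirect, SMB.
RISKY_PORTS = {515: "LPD", 631: "IPP", 9100: "raw/JetDirect", 445: "SMB"}
MAX_PASSWORD_AGE_DAYS = 31  # monthly rotation
AUDIT_DATE = date(2024, 6, 1)  # fixed "today" so the report is reproducible

@dataclass
class Printer:
    # Constructed inventory record; this field set is an assumption, not a vendor schema.
    name: str
    firmware: str
    latest_firmware: str
    open_ports: set
    password_set: bool
    password_last_set: Optional[date]
    disk_encrypted: bool
    remote_access: bool
    end_of_service: date

def audit(p: Printer, today: date) -> list:
    """Return one finding per checklist item the device fails (empty list = compliant)."""
    findings = []
    if not p.password_set:
        findings.append("no admin password set")
    elif p.password_last_set is None or (today - p.password_last_set).days > MAX_PASSWORD_AGE_DAYS:
        findings.append("admin password not rotated within a month")
    if p.firmware != p.latest_firmware:
        findings.append(f"firmware {p.firmware} behind vendor release {p.latest_firmware}")
    for port in sorted(p.open_ports & set(RISKY_PORTS)):
        findings.append(f"port {port} ({RISKY_PORTS[port]}) exposed; prefer IPPS")
    if not p.disk_encrypted:
        findings.append("storage unencrypted; retained print jobs at risk")
    if p.remote_access:
        findings.append("remote access enabled")
    if today > p.end_of_service:
        findings.append("past end-of-service; retire the device")
    return findings

def audit_fleet(fleet, today: date) -> dict:
    return {p.name: audit(p, today) for p in fleet}

# Constructed sample fleet: a neglected MFP, an out-of-support device, and a compliant one.
FLEET = [
    Printer("mfp-finance-01", "2023.10", "2024.02", {631, 9100, 443}, False, None, False, True, date(2028, 1, 1)),
    Printer("lobby-lj-02", "2024.02", "2024.02", {443}, True, date(2024, 5, 20), True, False, date(2019, 6, 30)),
    Printer("hr-mfp-03", "2024.02", "2024.02", {443}, True, date(2024, 5, 20), True, False, date(2028, 1, 1)),
]
```

Running `audit_fleet(FLEET, AUDIT_DATE)` lists six findings for the neglected MFP, flags only the end-of-service date for the lobby device, and returns an empty list for the compliant one.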
Finally, with 3D printers and additive manufacturing on the rise, even the most advanced devices are susceptible to bad actors. With 3D printers, the risk is worse: a sophisticated hacker could potentially tamper with the production process itself, creating flaws in the finished products. An attack on a 3D printer could also be used to steal valuable IP or cause production outages and delays. Anyone who has listened to a 3D printer at work can also imagine it being used as a creative exfiltration channel over audio.
By keeping in mind these best practices for office printers and 3D printers, organizations can take proactive measures to keep their devices, data, and networks safe. Organizations must not overlook the massive footprint that printers hold, and instead emphasize keeping these endpoints secure.
Co-Founder and Chief Executive Officer at Phosphorus Cybersecurity
https://www.darkreading.com/endpoint/how-your-printer-is-like-swiss-cheese