Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/31/2018
10:40 AM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

How Hackers Hit Printers

New Booz Allen Hamilton report advises companies to include printers in their overall security strategy.

Networked printers increasingly are becoming targets of hackers as these devices often aren't secured by enterprises.

A new study cited by Booz Allen Hamilton found that of 61% of survey respondents who reported a data loss incident in 2016, at least 50% had at least one such incident linked to a printer. The 2017 survey by Quocirca included 200 companies with more than 1,000 employees.

The security incidents included digitally intercepted print jobs (50%), loss of data from printer hard disks (48%), mailing of documents via multifunction printers to external sources (44%), and printers getting hacked to gain network access (18%).

"Today's office printers are full-functional computers that have a printer, scanner, photocopier, and a fax machine, as well as an email platform with local storage, wireless networking, and an operating system," says Nate Beach-Westmoreland, head of strategic threat intelligence for Booz Allen and author of the printer portion of the firm's new Cyber4Sight report. "Security pros need to prioritize network printers as such."

Some of the most common types of cyberattacks on printers include disabling printers for ransom and abusing insecure printers for vandalism or vigilantism.

Brian Minick, Booz Allen's vice president of cybersecurity, says state-linked criminals believed to be out of North Korea have regularly targeted printers in their cyberattacks on banks. They disabled printers used to confirm SWIFT network transfers, for example, in the attacks on City Union Bank in India and the Bank of Bangladesh.

"After gaining access to a network from some other entry point, bad threat actors often disable printers as a distraction or way to cover their tracks during a broader attack that makes bank transfers to the criminal's bank account," Minick explains. 

Printer giant HP recently launched a bug bounty program with Bugcrowd where it will pay up to $10,000 per vulnerability found in its enterprise printers, a move that underscores how these devices are becoming targets.

"We agree that, like the PC, printers have become incredibly powerful devices with increased storage and processing power," says Shivaun Albright, chief technologist of print security for HP. "We haven't reached the awareness-level, though, to secure print devices and implement all the good security practices that are employed to protect PCs and other important nodes in the network."

There's a gap today in discussions between decision makers and those implementing the technology, she says, as well as mismanagement in the deployment of printers. Companies leave critical ports and settings open, making it easy for attackers to remotely access the device. Albright recommends that customers work with their channel partner to leverage a managed print-services program.  

Booz Allen’s Minick and Beach-Westmoreland say printer vendors need to respond to vulnerabilities the way Microsoft did when it set up Patch Tuesday for Windows systems, offering regular security updates. 

Meanwhile, enterprises need to get visibility into their printer security, they say, and build continuous network monitoring into their environments in order to monitor printers the same way they do with network firewalls, switches, routers, and servers.

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jenshadus
50%
50%
jenshadus,
User Rank: Strategist
9/6/2018 | 12:06:54 PM
Re: No surprise here
I don't remember that incident.  But I do remember that part of our pentest on banks included printers and fax machines.  This was back in the 90's.  Have we forgotten so much?
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
9/4/2018 | 8:57:18 AM
No surprise here
I remember ages ago when a simple Google search string was posted that opened up the internal web page built into HP OfficeJet printers.  Almost ALL of them around the world!!!   It was that bad and showed the IP address assigned to each OfficeJet.  Incredible which, to a hacker, is an invite - here we have an internal address.  Wonderful and a web page too.  I don't see that anymore but scant attention is always given to these odd internal endpoints and their web page data. 
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
Jai Vijayan, Contributing Writer,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19604
PUBLISHED: 2019-12-11
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
CVE-2019-14861
PUBLISHED: 2019-12-10
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permiss...
CVE-2019-14870
PUBLISHED: 2019-12-10
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authent...
CVE-2019-14889
PUBLISHED: 2019-12-10
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...
CVE-2019-1484
PUBLISHED: 2019-12-10
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.