Eliminating the Weakest Security Link on Your Network

How to eliminate printer vulnerabilities as a prime target on your corporate network

When network security breaches hit the news, headlines typically focus on the scale of the breach, the number of records compromised, and the cost of the breach in lawsuits and recovery. What often gets buried in the details is the surprisingly mundane ways hackers find their way into networks to steal data and cause mayhem, including an open door through networked printers.

Until recently, most people would not have considered a printer to be a doorway to their otherwise secure network. But as IT security becomes more hardened, hackers have been creative in finding softer targets. In the last year, attacks on printers as network gateways has exploded, often with dramatic results.

How Networked Printers Can Become an Open Door

Last December, one hacker discovered hundreds of thousands of printers with open network ports on a service called Shodan, which systematically polls every IPv4 address on the internet, tries to log on with manufacturer default passwords, and details any information it can gather including open ports. The hacker selected 50,000 printers with open ports, and sent instructions to every one of them to print a message.

The attack was fairly innocuous--the victims simply saw their printer deliver an unexpected message. But the exploit opened the floodgates for other hackers who would go on expand on the technique to use networked printers as access points to the network. Once on the network, the threats and vulnerabilities become exponential.

Ways Printers Can be Used in Cyberattacks

Using networked printers as an unsecured gateway to a business network is only one kind of vulnerability. Even if hackers aren't able to use your printer as a gateway, there other types of attacks on printers that cause damage and unexpected losses:

• Printer attacks can be used to intercept documents queued for printing--including contracts, business plans, presentations and personnel matters.
• Data and documents stored temporarily on printer hard disks can be accessed and stolen.
• Multi-function printers can be hacked to mail out documents to external sources.
• Attacks on printers, including mass printing of unexpected documents, can be used to cause a distraction from another kind of attack or crime.

In one recently uncovered case, North Korean hackers regularly disabled the printers used by targeted banks to confirm monetary transfers, while creating transfers of cash into a remote bank account.

Securing Your Printers Against Cyberattacks

The vulnerability of printers has been known for several years, and yet repeated surveys by security firms like Kaspersky show that businesses have been slow to respond with even the most basic security protocols. Here are some of the most important steps to take to secure your printers.

1. Change the default login credentials.
2. Monitor security updates for your printers as frequently as you monitor updates for your computers.
3. Ensure your printers are covered within your network security protocols, including managing open ports.
4. Disable any networking protocols your employees don't need, like Telnet and FTP.
5. Isolate your printers on a local network and disable out-of-network connections.