Governmental agencies around the western world are recommending that organizations place renewed focus on cyber security following unprecedented cyber activity linked to the war in Ukraine. It means it’s time for you to check your printer security.
Printers are often amongst the least secured devices on a corporate network. Many are simply added using a “plug and play” approach. No attempt is made to change factory default settings – including the password.
This leaves them vulnerable to attack.
Now, with warnings about the increased cyber threat as a result of the war in Ukraine, it is a good time to check that your printers and other network devices are properly secured.
In January 2022, the National Counterintelligence and Security Center and the federal government in the USA warned the public about the risks of commercial surveillance tools that have been used to spy on journalists and political dissidents by infecting their phones with malware.
That same month, The Federal Bureau of Investigation (FBI), Cyber Security and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) issued a joint advisory that gave an overview of the commonly used tactics and techniques used by Russian state-backed threat actors so that the security community can take a more proactive stance on threat hunting.
Since then, we’ve had numerous warnings from governmental agencies in the USA and across Europe warning of additional cybercrime activity that is being undertaken by Russian state-sponsored criminals.
Because printers are often installed on a network without any changes to the factory settings – including the password – this can make them an easy target for hackers. Furthermore, printers are often overlooked when it comes to upgrading and updating firmware.
Cyber criminals can exploit the printer as an unsecured point on the network. Once on the network, the cybercriminals are able to move around to steal data, install ransomware or undertake other problematic behaviours.
The Business Optimizer team has reported in the past on the danger of unsecured printers and peripheral devices on your organisational network. For example, in one notorious attack in 2018, supporters of YouTube star PewDiePie dramatically hacked more than 50,000 printers in an attempt to prevent the YouTuber’s number one ranking being overtaken by rival YouTube star T-Series.
Now that Russian-backed bad actors are stepping up the targeting of Western assets, organisations must try to close down whatever unsecured access points might exist onto their network.
In UK, the National Cyber Security Centre (NCSC) continues to call on organisations in the UK to bolster their online defences following Russia’s unprovoked, premeditated attack on Ukraine.
Amongst its wide-ranging guidance on how to respond to the heightened threat, the NCSC recommends that organisations check the patching of all devices and operating systems, so that any vulnerabilities are closed. This means updating your printers’ firmware. The NCSC suggests that organisations “Perform an external vulnerability scan of your whole internet footprint and check that everything you need to patch has been patched. Internet-connected services with unpatched security vulnerabilities are an unmanageable risk.”
In an earlier article about printer security, the Business Optimizer team outlined three clear steps to take to ensure better printer security:
In addition, the NCSC suggests “If your organisation has plans in place to make cyber security improvements over time, you should review whether to accelerate the implementation of key mitigating measures, accepting that this will likely require reprioritisation of resources or investment.”