March 6th, 2019 by Kevin Box
In late 2013, hackers breached the systems of Fazio Mechanical Services, a heating and ventilation systems contractor. Through the Fazio Mechanical Services breach, the attackers were able to steal the network credentials of the third-largest U.S. retailer at the time — Target Corporation.
According to KrebsOnSecurity, the hackers infected Fazio Mechanical Services with the Citadel malware, a password-stealing program, via an email phishing attack sent to employees. The attackers were then able to steal network credentials to Target’s gateway server through a “data connection” with the HVAC contractor.
The hackers would go on to use the stolen credentials to take advantage of vulnerabilities in Target’s system, obtain access to a customer service database, and upload malware on cash registers in Target retail stores. The malware eventually spread to the majority of Target’s point of sale (POS) system during the 2013 holiday shopping season.
The massive data breach exposed the Personally Identifiable Information (PII) of up to 70 million Target customers, including full names, phone numbers, email addresses, and mailing addresses. The attackers also stole data for 40 million debit and credit cards.
Target would later state that the total cost of the breach was $202 million in legal fees and other expenses. The breach cost Target $18.5 million in a multi-state settlement in May 2017 that included 47 states and the District of Columbia, and $10 million in a class-action lawsuit settlement in March 2015.
The Target breach, recognized by CSO as the seventh largest breach of the 21st century, was one of the first significant isolated breaches we saw. Over time, Target has been joined by Yahoo, Marriott, Under Armour, Equifax, and a long list of other companies that have fallen prey to breaches.
Cyberthreats Are on the Rise
Target is a classic example of what can happen to any company when vulnerable endpoints are breached. According to Positive Technologies, billions of people were affected by data breaches and cyberattacks in 2018.
Organizations must prepare for threats across all platforms and understand that cyberattacks can impact not just desktops or laptop computers, but also servers, POS systems, retail kiosks, mobile devices, and printers, all of which are endpoint devices.
According to Bobby Guhasarkar, Senior Director of Security Product Marketing at Cisco, an organization must always be proactive in its approach to understanding what’s going on in its network.
Guhasarkar recently wrote in The Cybersecurity Insight Report by CDW, “Visibility is about understanding the vulnerabilities happening in an environment and then asking, ‘Can I do something about it?’ It is about knowing what is happening at all times within a corporate network and assets, gathering analytics and taking action against any vulnerabilities that open the door to bad actors.”
New threats and constant innovation from hackers have heightened interest in next-generation security, especially for endpoints and Internet of Things (IoT) devices. This, along with the sheer number of attacks, means the time has come when no organization can afford to be complacent. It’s not a matter of if, but when a breach will occur.
Endpoints Are Often the Way In
So, where do vulnerabilities often reside? In the endpoints attached to the network.
Simply put, endpoints are generally any device connected to a network. When you think of endpoints, you typically think of desktop computers and laptops. However, endpoints have evolved to include a multitude of sophisticated devices, including servers, tablets, smartphones, printers, cloud computing, POS terminals, retail kiosks, smart meters, and more.
Endpoints must be managed proactively to allow organizations to mitigate threats before they happen. As Dan Schiappa, Senior VP of Products at Sophos, recently stated in The Cybersecurity Insight Report, “In order to put an effective next-generation security plan in place, IT admins need to assess all the different types of endpoints they might have connected to the network.”
Endpoint security is becoming a more critical component to advancing sound security policies and lessening future security threats.
Printers Are a More Vulnerable Endpoint
Printers are at risk of being hacked merely due to the lack of understanding surrounding printer vulnerabilities. From the C-suite to IT managers to end-users, there is a general lack of knowledge surrounding just how vulnerable printers are.
According to various studies, 70 to 95 percent of security breaches originate at the endpoint. However, only 16 percent of IT decision-makers think that printers are a high-risk vulnerability for security threats; this means printers are not often viewed as part of an organization’s security policy and may not be on the radar for security breaches. However, printers are essentially computers and share many of the same risks.
Computers have firmware, a hard disk drive, a basic input/output system (BIOS), a graphical user interface or screen to view and interact with; they also connect to a network and are assigned an IP address. Just like computers, printers primarily have the same components — firmware, a hard disk drive, connection to a network, an assigned IP address, a user interface, and so on.
Organizations spend a great deal of time and resources on antivirus software for computers, best-in-class firewalls, and human capital to keep networks secure. However, they often fail to address weak links and gateways attached to the network, such as printers.
When new printers are shipped and delivered directly from a factory or purchased from a local office retailer, the printer often comes with open ports, default passwords, Wi-Fi settings turned on, and protocols enabled. The consequences of not properly managing these default printer settings from a security standpoint can create security vulnerabilities and gaps in your network.
An unsecured printer can mean compromised firmware, undetected security gaps that allow malware intrusion, critical data intercepted as it travels across the network, and device settings exploited by hackers who log into the printer remotely, causing sensitive documents to be compromised.
These vulnerabilities make printers a primary target for cybercriminals and can give hackers a way into a network.
How Can You Secure Your Printers?
So, how can you stop a printer from being hacked? While no device is 100 percent impenetrable, you should increase printer security by making printers part of your organization’s digital security policy and managing them like computers.
Below is a list of best practices for ensuring your printer fleet is more secure.
Printer Security Best Practices
- Download the latest firmware updates. Printer manufacturers release firmware updates when they discover vulnerabilities. These firmware updates may include fixes that resolve known security issues or could merely introduce new features that increase printer security.
- Utilize remote management software for printers. Whether you have a few printers or a few hundred printers, these devices need to be managed correctly. You can efficiently manage the security on a fleet of print devices by utilizing admin tools. These web-based tools make it easy to add new printers, update firmware for a large number of print devices, and troubleshoot printer issues.
- Evaluate if a printer should be networked. Reduce printer vulnerabilities by taking printers that do not need to be networked offline.
- Enforce a PIN-only or badge-only policy. Modern business printers typically include a PIN system. With this feature enabled, users must enter a PIN at the printer to release their print job. This pull printing method, where print jobs are only released when authenticated at the printer, ensures sensitive information is not left in the printer tray. Another option is the badge system, which works in the same fashion as the PIN method but requires the user to swipe their badge at the print device instead of entering a PIN.
- Purchase printers with an encrypted hard disk. By having an encrypted hard disk on a printer, the data will be safe if anyone ever steals the disk. This will also help ensure the information on your printer stays confidential if you ever sell or toss the device.
- Disable outdated remote printing features. Often, you’ll find that older models of printers have remote printing on by default. If this is the case, you’ll want to deactivate this feature. Once disabled, you should look for a more secure option to remote printing so that your employees can securely print from their laptops, tablets, and phones.
- Change default usernames and passwords. Make sure you change the default administrator usernames and passwords on your printer to a stronger version. Many networked printers can be accessed remotely. Not changing default passwords can make the printer more vulnerable to hacks.
- Secure printer ports. Software ports are a channel for communications, be it emails, scan to folder, or HTTP. These ports should be locked down because open ports are an easy and well-known way into a network.
- Replace outdated printers. Older print devices are likely to be less secure than newer ones. By upgrading to the latest printer models, you’ll reap the benefits of a more secure device. When shopping for a printer for your office, stay away from consumer printers and focus your attention on business-class network printers that will have security explicitly designed for commercial use.
- Review your security policy. Make sure you include printers and other types of endpoints in your security policy.
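One way to turn the checklist above into a repeatable check, as an added example that is not from the original post: the Python below audits an exported printer inventory against the firmware, networking, credential, pull-printing, disk-encryption and port items. The field names, the allowed-port policy and the sample fleet are assumptions constructed for illustration.

```python
# Added example: audit printer records against the checklist above.
# Field names, the port policy and the sample fleet are constructed for
# illustration; map them to what your fleet-management tool exports.

ALLOWED_PORTS = {443, 631}  # assumed policy: HTTPS admin and IPP only
KNOWN_SERVICES = {21: "FTP", 23: "Telnet", 80: "HTTP", 515: "LPD", 9100: "raw print"}

def version_tuple(v):
    """Turn '4.11.2' into (4, 11, 2) so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))

def audit_printer(p, latest_firmware):
    """Return the list of checklist violations for one printer record."""
    findings = []
    latest = latest_firmware.get(p["model"])
    if latest is None:
        findings.append("model has no supported firmware: plan replacement")
    elif version_tuple(p["firmware"]) < version_tuple(latest):
        findings.append(f"firmware {p['firmware']} is older than {latest}")
    if p["networked"] and not p["needs_network"]:
        findings.append("networked without a business need")
    if p["admin_password_is_default"]:
        findings.append("default administrator credentials still set")
    if not p["pull_print_auth"]:
        findings.append("no PIN or badge release for print jobs")
    if not p["disk_encrypted"]:
        findings.append("hard disk is not encrypted")
    for port in sorted(set(p["open_ports"]) - ALLOWED_PORTS):
        name = KNOWN_SERVICES.get(port, "unknown service")
        findings.append(f"port {port} ({name}) open but not in policy")
    return findings

def audit_fleet(fleet, latest_firmware):
    """Map printer name -> findings, listing only non-compliant devices."""
    report = {p["name"]: audit_printer(p, latest_firmware) for p in fleet}
    return {name: f for name, f in report.items() if f}

# Constructed sample data.
LATEST = {"ModelA": "4.11.2"}
FLEET = [
    {"name": "lobby-mfp", "model": "ModelA", "firmware": "4.9.0", "networked": True,
     "needs_network": True, "admin_password_is_default": True, "pull_print_auth": False,
     "disk_encrypted": True, "open_ports": [23, 80, 443, 631, 9100]},
    {"name": "finance-mfp", "model": "ModelA", "firmware": "4.11.2", "networked": True,
     "needs_network": True, "admin_password_is_default": False, "pull_print_auth": True,
     "disk_encrypted": True, "open_ports": [443, 631]},
]

if __name__ == "__main__":
    for name, findings in audit_fleet(FLEET, LATEST).items():
        print(name, *findings, sep="\n  - ")
```

Firmware versions are compared as number tuples because a plain string comparison would rank 4.9.0 above 4.11.2 and hide an outdated device.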
Partners That Put Print Security First
Learning about printer security and how to introduce best practices into your organization can be a bit overwhelming. For that reason, I would recommend you rely on people well-versed in this area, such as our team at Function4. As the HP Relationship Manager at Function4, I’m proud to say that we have print devices and solutions that will introduce a new level of security into your business.
HP Security Manager
You will need a robust security application in place on your network to help manage the security for each printer. Function4 partners with HP and uses the HP Security Manager, which can help formulate and enforce the right security policies for every printer across your network.
Security Manager will give a diagnostic view of how each printer within a network is performing from a security standpoint based on 13 common security settings. It then generates reports to show how each printer is performing against the settings.
Security Manager will also help your organization create a security policy to match your specific security requirements. Security Manager will then push those policies out to each device on the network and configure each printer to comply with prescribed corporate security policies. The Instant-On feature connects new devices when they’re added to the network.
Lastly, Security Manager will help remediate devices to comply with corporate requirements listed in its security policy and provides on-demand reporting of compliant and non-compliant devices.
Managed MFPs and Printers
At the device level, you should consider contacting Function4 about HP’s line of managed printers and copiers. HP touts its managed printers as “The world’s most secure printers” — and for good reasons.
Some features associated with HP’s Managed Printers include:
- Self-Healing Components. Helps the device recover if compromised at the BIOS level, that is below the device’s operating system, which can help mitigate attacks targeting printers.
- Sure Start. Prevents the execution of malicious code during boot-up.
- HP Whitelisting. Aids in ensuring only authentic, known firmware is loaded into the device’s memory.
- Run-Time Intrusion. Detects and prevents unexpected memory changes while the printer is running.
- HP Connection Inspector. Inspects outgoing network connections.
Locking down printers can help ensure vulnerable gateways into your network are closed and help prevent potential threats from becoming real security breaches. Having a policy-based approach to securing imaging and printing devices can go a long way to adding layers of security to your infrastructure; this can help make it harder for cybercriminals to penetrate your network.
Contact our team at Function4 today to learn more about printer security and our HP solutions.