As we know, there are many different attack vectors that hackers can try to exploit to gain access to an internal network. Commonly, organisations regard peripheral devices as lower risk, because they often measure risk based on the limited functionality these devices provide. But is that right?
What is Printer Spoofing?
This is where bad actors make themselves look like printers or scanners. They send emails to users that look as if the printer or scanner is sending a scanned document, but the email holds malicious attachments. This typically takes the form of a PDF-style document or a scanned image with a JPG extension.
When the user opens the attached PDF/JPG, the user receives a malicious payload. This payload could be a worm, Trojan, or other type of malicious content, which can spread throughout the company and its contacts or even be used to take over control of the device remotely.
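One way to triage such messages on the mail server, as an added example that is not from the original article: it flags mail that presents itself as a printer or scanner but does not match the asset inventory, or whose PDF/JPG attachment does not start with that format's file signature. The inventory addresses, IPs, header layout and function names are assumptions, and the sample messages are constructed.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed asset inventory (constructed values): real scan-to-email devices.
DEVICE_SENDERS = {"mfd-floor2@corp.example"}
DEVICE_IPS = {"10.20.0.25"}
DEVICE_WORDS = re.compile(r"\b(scan(ned|ner)?|printer|copier|mfd)\b", re.I)
MAGIC = {".pdf": b"%PDF-", ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff"}

def triage(msg):
    """Return reasons to distrust a message that presents itself as a printer or scanner."""
    display, addr = parseaddr(msg.get("From", ""))
    if not DEVICE_WORDS.search(f"{display} {addr} {msg.get('Subject', '')}"):
        return []  # does not claim to be a device; out of scope here
    reasons = []
    if addr.lower() not in DEVICE_SENDERS:
        reasons.append("sender not in inventory")
    # Received headers are prepended, so the first one was written by our own
    # mail server; older ones can be forged by the sender.
    hops = msg.get_all("Received", [])
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[0]) if hops else []
    if not DEVICE_IPS.intersection(ips):
        reasons.append("not handed over by a known device")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        data = part.get_payload(decode=True) or b""
        if ext not in MAGIC or not data.startswith(MAGIC[ext]):
            reasons.append(f"attachment {name!r} is not a real PDF/JPG")
    return reasons

def sample(sender, hop, filename, data):
    """Build a constructed scan-to-email message for the demonstration."""
    msg = EmailMessage()
    msg["Received"] = hop
    msg["From"] = sender
    msg["Subject"] = "Scanned document"
    msg.set_content("Please find the scanned document attached.")
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg

GENUINE = sample("MFD Floor 2 <mfd-floor2@corp.example>",
                 "from mfd2 ([10.20.0.25]) by mail.corp.example", "scan_0001.pdf", b"%PDF-1.7\n")
SPOOFED = sample("Scanner <scanner@corp.example>",
                 "from unknown ([203.0.113.7]) by mail.corp.example", "scan_0002.pdf", b"not-a-pdf")
if __name__ == "__main__":
    for label, m in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(label, triage(m))
```

A message with findings is a candidate for quarantine and review, not proof of compromise; the checks only work when the device inventory is kept current.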
What is the Attack Vector?
Moreover, it is typical in organisations that printers and MFDs are simply given IP addresses and put in place with all other settings left at their defaults, as they appear not to be a threat.
However, these default settings, for example SNMP working in public mode, give valuable information to attackers.
All services are typically open and use low-level security and encryption to ensure the device will work in any environment under the Plug-and-Play scheme.
Furthermore, they also have USB ports, which allow an inside attacker to deposit malicious code.
This applies to the most prevalent makes, whose manufacturers want to provide the best experience for their products, which is not necessarily in line with a high level of security. A proper look into peripheral device configuration should be a part of every pre-installation process.
Other Dangers of Printer Spoofing.
Modern printers now have services such as AirPrint or Google Print, allowing access to print etc. via wireless protocols, which could also be an avenue to access services and deposit malicious code.
Organisations should look to mitigate the many CVEs associated with printers to ensure that these unassuming static devices are not a way for bad actors to gain a foothold in the company's networks and devices.
We must understand that these devices are gaining more integrations and usability, and becoming more “intelligent”. These are not the same devices we were accustomed to decades ago. With new devices coming, this landscape is growing.
General Protection against this sort of attack.
There are several steps we recommend every organisation should take:
- Provide a user awareness programme, and make sure users can spot malicious URLs or attachments in emails or other types of messages.
- Make sure the IT department properly manages assets and that changes are updated accordingly.
- Use conditional access to your corporate network and utilise authentication on peripheral devices, if possible.
- Review devices in your network, making sure there is no “Shadow IT” running within it.
- Have a proper procedure for installing and configuring any peripheral device that will align with your security standards and compliance.
- Run regular vulnerability scanning and make sure your devices are running on the latest firmware.
- Don’t use unsupported devices, and make sure any security issues with the device are appropriately addressed to the device provider.
Printer Spoofing: METCLOUD Protection
Even with all these sound steps in place, it can be very time-consuming to manage them. This is where METCLOUD can help by:
- Providing good asset management, monitoring and service desk, including peripheral devices
- Providing an awareness programme for your organisation, including peripheral devices like printers and scanners
- Web and Email protection, together with intelligent and behavioural analysis as a part of End Point Management, will spot danger before it is delivered to the end user
- Vulnerability and Patch Management that will include peripheral devices
- Security and Compliance Review and Report that will help prioritise all necessary actions to protect your organisation
METCLOUD’s portfolio of cyber security and cloud services will ensure that you protect and defend your organisation from potential cyber-attacks.
Contact a member of our team today on 0121 227 0730 or email firstname.lastname@example.org.
Written by Richard Impey, Security and Network Consultant at METCLOUD.
Richard is a valued member of the METCLOUD team, specialising in Cybersecurity and Vulnerability Management.