Analysis

Preying on your weaknesses

Just like wolves, hackers are looking for the weakest, most vulnerable prey.

Cybercriminals and hackers don't often strike where security is strong. They're always looking for a weakness - a technical flaw, a poorly thought-out process, thoughtless behaviour that can be exploited to access your systems and do what they want. They may not want or need to attack your perimeter or make a direct assault upon your servers, when there is other, easier prey in easy view. While you're busy securing your PCs, infrastructure and mobile devices, they have your printers in their sights.

Why? It helps that printers are almost ubiquitous in business. Most offices will have a number sitting somewhere, often in central locations almost anyone in the building can access. Printers are often on a slow upgrade cycle. IT teams that wouldn't think about fielding a laptop for more than three years will happily run a laser printer for six to eight years or even more.

Most of all, printers are a great target. They have grown much more sophisticated, becoming powerful client devices with their own processing power, memory and storage, upgradable firmware and programmable functions. They process, route and store valuable data, including print jobs and user credentials, not to mention scanned documents in the case of multi-function devices. 

They're accessible, too, connecting to wired and wireless networks and even the Internet for remote printing services. They can be attacked locally through the control panel or via the USB connection, but also remotely through a direct route, a malware-infected print job or cross-site scripts embedded in a website. All it takes is one employee to download and print an attachment or click a link. 

Still, what's the worst that can happen? After all, the most notorious printer hacks of recent years have focused on takeovers of internet-connected printers, forcing them to churn out hate speech flyers or, as in the Stackoverflowin attack in February this year, pages of ASCII art. Is this really the kind of stuff that wrecks a business?

Not on its own, but these hacks only demonstrate one way of exploiting printer vulnerabilities. They could be used to build a botnet or launch Denial of Service attacks. Malicious firmware could be installed and used to manipulate print jobs, overlaying or replacing the real content with false or sensitive material. Backdoors could be added to capture print jobs and user credentials to be sent and viewed elsewhere, or as a means to get into the network and attack other systems from there. A compromised printer could become the initial foothold for a wider attack.

Too few enterprises take this seriously. A March 2017 Spiceworks report found that only 16% of the businesses surveyed regarded printers as a high risk for a security breach. Only 18% monitored their printers for threats. 43% of the companies surveyed ignored printers in their endpoint security practices. It's estimated that only 2% of business printers in the world are secure, yet research from IDC suggested that 35% of recent security breaches are related to print security deficiencies. 

Strengthening printer security

Printers don't have to be your weakness. In fact, there are some steps any enterprise can take, whatever their size and whatever the make-up of their printer fleet. Some holes can be mended just by changing the standard admin usernames and passwords or by shutting down the network ports, protocols and services that many manufacturers leave open by default. HP includes the former step during the initial printer setup and takes the more secure approach to services and ports.

Meanwhile, make sure you're taking advantage of security features built into or supported by your printers. They could have authentication or encryption tools, protecting print jobs while in transit or at rest. They may work with management tools, to ensure that their activities are properly logged and monitored, or that all printers match corporate policies and secure configurations. Educate users on print security risks as well, so that they're aware that printing files downloaded from the internet may not be a great idea, and what the consequences of doing so could be.
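The checks described in this section (changed admin credentials, no unneeded services, job encryption, logging) can be run as a baseline audit over a printer inventory. The following is an added example, not code from HP or from this article; the record schema, the allow-listed services and the sample fleet are constructed assumptions.

```python
"""Audit a printer inventory against a hardening baseline (added example)."""

# Assumption: the article names no specific services; this allow-list is illustrative.
ALLOWED_SERVICES = {"https", "ipps", "snmpv3"}

# Constructed sample inventory; the record schema is hypothetical.
FLEET = [
    {"name": "prn-floor1", "admin_password_changed": False,
     "services": ["telnet", "ftp", "https", "ipps"],
     "job_encryption": False, "log_target": None},
    {"name": "prn-floor2", "admin_password_changed": True,
     "services": ["https", "ipps", "snmpv3"],
     "job_encryption": True, "log_target": "siem.example.internal"},
    # Incomplete record: missing fields must count as failures, not passes.
    {"name": "prn-legacy", "services": ["https"]},
]


def audit_printer(record):
    """Return a list of findings for one printer; an empty list means compliant."""
    findings = []
    if record.get("admin_password_changed") is not True:
        findings.append("default admin credentials not confirmed changed")
    extra = sorted(set(record.get("services", [])) - ALLOWED_SERVICES)
    if extra:
        findings.append("services outside baseline: " + ", ".join(extra))
    if record.get("job_encryption") is not True:
        findings.append("print job encryption not enabled")
    if not record.get("log_target"):
        findings.append("no log forwarding target configured")
    return findings


def audit_fleet(fleet):
    """Map printer name -> findings, listing only non-compliant devices."""
    report = {}
    for record in fleet:
        findings = audit_printer(record)
        if findings:
            report[record["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_fleet(FLEET).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

The audit fails closed: a device whose record lacks a field is reported rather than assumed compliant, which matters for older printers that management tools only partly describe.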

Device-level security

Still, when attackers can be so persistent and so wily, even good security practices may not be enough. That's why HP has invested years of research and millions of dollars into device-level printer security, into technologies that protect the printer at the lowest, sub-BIOS layer, stopping hackers like the Wolf in their tracks.

Secure Booting: On Enterprise printers, HP protects the BIOS (the set of boot instructions used to launch the fundamental hardware components and initiate the firmware) with HP SureStart technology that validates the integrity of the BIOS every time the printer boots and, if a hacked version is discovered, restarts it using a properly-validated safe version. On HP Pro printing devices, HP Secure boot technology performs the same checks, but places the device in a limited functionality recovery mode until a genuine HP BIOS can be reinstalled.

Secure Firmware: HP also protects the firmware (the software that controls the printer's functions) by checking what's installed against a whitelist that ensures only known good, unaltered HP code is loaded into memory. If any variant is discovered, the device reboots to a secure recovery state until a valid update can be installed, with notification via a control panel message or a notice to the IT team.

Run-time protection: HP run-time intrusion detection protects HP Enterprise devices while they're in operation and connected to the network, checking for intrusions or attempts to run malicious code in memory and rebooting automatically if anything is found. On HP Pro printers and MFPs all run-time code memory is write-protected and all data memory defined as non-executable, preventing malicious code from running effectively.

Security Management: HP JetAdvantage Security Manager can automatically assess whether devices comply with company security settings and policies, then take steps to remediate any issues without the need for direct intervention. New devices become compliant within minutes of being connected and powered-up. Administrators can be notified of any issues using existing Security Information and Event Management (SIEM) tools.

Together, these powerful security features ensure that even a successful attacker can't get a foothold on your printer, and that attempts are recognised and neutralised with the ill effects fixed rapidly. By taking printer security to a whole new level, HP business printers stop the wolves of this world getting their jaws around your network and your assets.

Don't let the Wolf prey on your business.
