Preying on your weaknesses

Cybercriminals and hackers don't often strike where security is strong. They're always looking for a weakness - a technical flaw, a poorly thought-out process, thoughtless behaviour that can be exploited to access your systems and do what they want. They may not want or need to attack your perimeter or make a direct assault upon your servers, when there is other, easier prey in easy view. While you're busy securing your PCs, infrastructure and mobile devices, they have your printers in their sights.

Why? It helps that printers are almost ubiquitous in business. Most offices will have a number sitting somewhere, often in central locations almost anyone in the building can access. Printers are often on a slow upgrade cycle. IT teams that wouldn't think about fielding a laptop for more than three years will happily run a laser printer for six to eight years and even more.

Most of all, printers are a great target. They have grown much more sophisticated, becoming powerful client devices with their own processing power, memory and storage, upgradable firmware and programmable functions. They process, route and store valuable data, including print jobs and user credentials, not to mention scanned documents in the case of multi-function devices.

They're accessible, too, connecting to wired and wireless networks and even the Internet for remote printing services. They can be attacked locally through the control panel or via the USB connection, but also remotely through a direct route, a malware-infected print job or cross-site scripts embedded in a website. All it takes is one employee to download and print an attachment or click a link.

Still, what's the worst that can happen? After all, the most notorious printer hacks of recent years have focused on takeovers of internet-connected printers, forcing them to churn out hate speech flyers or, as in the Stackoverflowin attack in February this year, pages of ASCII art. Is this really the kind of stuff that wrecks a business?

Not on its own, but these hacks only demonstrate one way of exploiting printer vulnerabilities. They could be used to build a botnet or launch Denial of Service attacks. Malicious firmware could be installed and used to manipulate print jobs, overlaying or replacing the real content with false or sensitive material. Backdoors could be added to capture print jobs and user credentials to be sent and viewed elsewhere, or as a means to get into the network and attack other systems from there. A compromised printer could become the initial foothold for a wider attack.

Too few enterprises take this seriously. A March 2017 Spiceworks report found that only 16% of the businesses surveyed regarded printers as a high risk for a security breach. Only 18% monitored their printers for threats. 43% of the companies surveyed ignored printers in their endpoint security practices. It's estimated that only 2% of business printers in the world are secure, yet research from IDC suggested that 35% of recent security breaches are related to print security deficiencies.

Strengthening printer security

Printers don't have to be your weakness. In fact, there are some steps any enterprise can take, whatever their size and whatever the make-up of their printer fleet. Some holes can be mended just by changing the standard admin usernames and passwords or by shutting down the network ports, protocols and services that many manufacturers leave open by default. HP includes the former step during the initial printer setup and takes the more secure approach to services and ports.

Meanwhile, make sure you're taking advantage of security features built into or supported by your printers. They could have authentication or encryption tools, protecting print jobs while in transit or at rest. They may work with management tools, to ensure that their activities are properly logged and monitored, or that all printers match corporate policies and secure configurations. Educate users on print security risks as well, so that they're aware that printing files downloaded from the internet may not be a great idea, and what the consequences of doing so could be.

Device-level security

Still, when attackers can be so persistent and so wily, even good security practices may not be enough. That's why HP has invested years of research and millions of dollars into device-level printer security, into technologies that protect the printer at the lowest, sub-BIOS layer, stopping hackers like the Wolf in their tracks.

Secure Booting: On Enterprise printers, HP protects the BIOS (the set of boot instructions used to launch the fundamental hardware components and initiate the firmware) with HP SureStart technology, which validates the integrity of the BIOS every time the printer boots and, if a hacked version is discovered, restarts it using a properly-validated safe version. On HP Pro printing devices, HP Secure boot technology performs the same checks, but places the device in a limited functionality recovery mode until a genuine HP BIOS can be reinstalled.

Secure Firmware: HP also protects the firmware (the software that controls the printer's functions) by checking what's installed against a whitelist that ensures only known good, unaltered HP code is loaded into memory. If any variant is discovered, the device reboots to a secure recovery state until a valid update can be installed, with notification via a control panel message or a notice to the IT team.

Run-time protection: HP run-time intrusion detection protects HP Enterprise devices while they're in operation and connected to the network, checking for intrusions or attempts to run malicious code in memory and rebooting automatically if anything is found. On HP Pro printers and MFPs all run-time code memory is write-protected and all data memory defined as non-executable, preventing malicious code from running effectively.

Security Management: HP JetAdvantage Security Manager can automatically assess whether devices comply with company security settings and policies, then take steps to remediate any issues without the need for direct intervention. New devices become compliant within minutes of being connected and powered-up. Administrators can be notified of any issues using existing Security Information and Event Management (SIEM) tools.

Together, these powerful security features ensure that even a successful attacker can't get a foothold on your printer, and that attempts are recognised and neutralised, with the ill effects fixed rapidly. By taking printer security to a whole new level, HP business printers stop the wolves of this world getting their jaws around your network and your assets.

Don't let the Wolf prey on your business.

ITPro
