The workplace printer has come a long way from the days of interminable wait times and hulking laser units. Today’s printers boast features that would have been unfathomable in the dot matrix days. With “smart” technology and networking capabilities, app-integrated multi-functionality, and onboard memory and storage, printers have become nodes in an ever-expanding Internet of Things (IoT), with unprecedented computing power of their own. They’re more efficient than ever, and, page for page, many are even more affordable.
But with expanded capabilities can come increased vulnerability. Particularly for small businesses, today’s printers illustrate what can seem like an existential conflict between productivity and IT security. Businesses seeking to take full advantage of their printers’ capabilities should pay careful attention to these four most common types of printer security threats.
1. Targeted printer attacks
Industry statistics suggest that hackers rarely target printers specifically, for a few reasons. First, older printers offer limited financial or intelligence value. But newer printers possess their own hard drives and RAM, for storing files sent to print. They often integrate with identity and access management (IAM) systems, so they may store sensitive information, like user passwords. For businesses with shared passwords, a compromised “log in to print” password could give a hacker access to more data-rich devices, or even enterprise IT credentials.
Second, printer firmware has historically been proprietary, which provided “security through obscurity” and a learning curve for hackers. But with detailed firmware information now available online, it’s easier for bad actors to understand these devices and plot direct attacks.
2. Remote hacks
A more common threat sees hackers tap unsecured printers as a gateway to otherwise secure network environments. Printers can be mapped as part of the enterprise network, enabling hackers to move laterally across the network in search of more valuable targets, such as domain controllers that store passwords for many users.
It’s not uncommon for sophisticated hackers to exploit a small business as an avenue to a bigger target. In 2013, hackers targeted an HVAC contractor with remote access to a Target Corporation intranet, gaining entry into Target’s enterprise network. Such attacks require advanced skill, but can have profound operational, financial, and even legal consequences.
Printers can also be targeted for ransomware attacks, in which hackers encrypt an organization’s data and demand a payment to decrypt it. Ransomware requires less skill than multi-step hacks while promising a more immediate reward for cyber criminals. Small businesses, which may be less likely to employ data recovery or redundancy protocols, are often compelled to pay because of the attack’s paralyzing effects.
3. Remote harvesting
As with remote hacks, printers can be one part of a larger attack. Using automated tools to scan the internet for computers and IoT devices with known security vulnerabilities, hackers can compromise large numbers of these devices, forming a remotely controlled network called a botnet. Machines co-opted into a botnet often give no apparent warning to their owners or to users accessing the devices.
Botnets are useful to hackers in conducting certain types of attacks, such as using the distributed computing power to mine for cryptocurrencies. They may also be used in distributed denial of service (DDoS) attacks, which overwhelm victim networks with traffic that makes machines and services unavailable to users.
Building a botnet doesn’t require as much skill as other attacks, and the tools to do so are readily available online. For these reasons, this attack is slightly more likely than a targeted printer attack or remote hack.
4. Insider threats
Perhaps most likely of all, unsecured printers lend themselves to insider threats, which can be malicious or unintentional. For insiders—trusted on-premises or remote network users—obtaining and/or disclosing confidential, sensitive, or proprietary data can require little to no technical expertise or skill. Often, unencrypted data travels directly to a printer, where a physical copy sits unsecured, waiting for pickup.
These threats can be difficult to detect and prevent, and have a high chance of success, as evidenced by repeated attacks at organizations with world-class security, such as the Central Intelligence Agency. And according to a 2019 Securonix survey, 59 percent of organizations believe that privileged network users are their biggest insider security risk. But even a network that’s well-fortified against remote or device-specific attacks can’t safeguard against someone picking up a printed document. The insider threat, therefore, underscores the importance of physical security for printers.