According to Paul McKiernan, the print security advisor at HP Inc. (an American technology company) the cyber-attacks using printers as an intrusion vector are growing rapidly in today’s technical era.
McKiernan at Info security Europe 2017 said that, this year we have reported more incidents (about printer’s insecurity) in comparison to the last year. For instance: last night, a memory corruption error has been noticed by a user in Denmark. The device has been seen instantly and the user spotted and informed the IT department about it but was not connected to a SIM and viewed by a SOC (an integrated circuit that integrates all components of a computer or other electronic systems).
“Though they were not able to find the root cause of the problem yet succeeded in execution of their incident response plan, disconnecting the device, penetrating inside and protecting information from getting being lost and further monitoring the device to find the cause from where the hazards have been come and then shutting down that attack vector. Hence, the thing done was right but it should be automated. Last night a similar attack at the close of business was also reported by a large private Danish firm.”
McKiernan noted an uneven pattern which signifies that the local transport organization was clearly very aware about the issue that printers might be an attack vector (a path by which a hacker can gain access to a device or server in order to deliver a malicious outcome) but the overseas ministries of defense who has been visited during Info Sec 2017 are unaware about the same, he also noted how the problem was rapidly appearing on a large number of organization’s radars.
It was stated that the similar threats which were generally targeting the businesses by searching the weakest link in their infrastructure that can be the incoming or outgoing points, propagation nodes or others, are also challenging the printer’s security.
Therefore McKiernan suggested the users to concern the integration of mainstream cyber-security tools into their printers at the time of purchasing, along with making other decisions such as best and affordable prices, specifications, etc. and advised not to think printers a simple commoditized device.
The print security advisor, McKiernan also notify that it has become necessary to be familiar with the business procedure and the workflow and also finding out the weak points in the path of the printers of the organizations, as even a large number of vulnerable scanning devices are not able to provide the complete details about the various risks in printing or that are faced by the printers.
McKiernan also said that a hacker could more easily execute malicious software on the printers instead of the computer and can even wait until the document is printed carrying malware instructions to be employ to other devices further, as we usually not at all or very less monitor our printers with comprehensive information security for your whole company going to our SIEM (security information and event management). Hence, One-time intrusion detection scans is surely required for these types of things.
CISO cyber- security needs to be aware that the memory-based hazards are growing rapidly. Lots of reports in the media of printers with open internet connections are identified using SHODAN (Sentient Hyper-Optimized Data Access Network) and published by Stackoverflow (the largest online community for programmers to advance, learn, share their knowledge, to enhance their careers), which highlights the issue to both the potential victim as well as attacker.
McKiernan noted that “though the company is creating awareness of the problem among a large number of folk and started the procedure by sending messages along with embedded code to send a screen message, to almost 150,000 Open internet users by making use of genuine functionality yet don’t accepting the fact “this action is especially for public service.”
Author’s biography: This article has been written by the technical writer Lena Smith. Being the dedicated and keen writer, she works very well for our website. Additionally, provides its readers with information, ideas, news on a large number of technical topics such as Support for HP, Support for Canon, and Support for Lexmark. The information provided by her always seems to be beneficial. Readers facing issues regarding such topics can take help from our technicians by calling our toll-free number.