In August 2020, the ethical hacker group known as CyberNews gained access to approximately 28,000 printers around the world. Luckily, rather than wreaking havoc, they discovered a vulnerability that allowed them to print a document with the message, “This printer has been hacked.” The full printout described the vulnerability and how to secure against it.
CyberNews’ custom script only targeted printing permissions. A more opportunistic group of hackers could have caused a lot more damage.
In this article, we’ll review key printing environment and network printer vulnerabilities and how you can proactively work to lock them down.
Read through the following sections so that you (1) understand why network printers are vulnerable; (2) see why printer security involves your team as much as your devices; and (3) learn the proactive steps you can take to reduce the probability of a breach that begins with your office printers.
A data breach can be one of the most devastating events any organization can experience. Everything changes in an instant. Not only does a hack into your networks run the risk of seriously crippling your business and exposing both your and your clients’ data, but the reputational damage to your company can take years to recover from.
Most organizations are well aware of the massive wave of cybercrime that has occurred over the last two years. These cyberattacks often come in the form of sophisticated attacks that breach and shut down a system until a ransom is paid.
Part of the reason for this uptick in online criminal activity is the explosion in remote work that occurred during the pandemic. Working in a distributed fashion and using our own devices has left sensitive data more vulnerable, since employees are not all working under the same blanket of company cybersecurity.
Common Cybersecurity Vulnerabilities in Printers
It’s an unfortunate fact that printers are often overlooked when it comes to a company’s security strategy. Far too many companies have viewed printers as machines for processing paper and ink.
Printers are endpoints, and the endpoint is a key concept in cybersecurity: it refers to any computing device, such as a printer, that communicates back and forth with the network. An endpoint attack targets these entry points into the network (smartphones and printers, for example). Endpoints are routinely connected to both the internet and the corporate network, which enlarges the attack surface available to a cybercriminal.
Recent reports indicate that only one in five IT Decision Makers are confident about the security of their print infrastructure, while an alarming 64% of companies have reported a loss of data as a direct result of insecure printing practices in the last year.
A poorly secured printer can actually allow hackers to view documents, steal intellectual property or other sensitive information, print anything they like or inject malware — potentially leading to even worse consequences down the road.
In addition to securing your network print devices, you also need to secure your printed information to protect confidentiality and intellectual property.
Here are just a few of the common vulnerabilities associated with office printing.
Printers as a connected device
By default, printers are typically set up for easy access and configuration on a corporate network. Many printers ship “open,” meaning they are designed to be plug-and-play for easy deployment: they are configured to listen on every port and support many protocols. This makes them easy to integrate into a network, but while the default state is convenient, it also leaves printers exposed to outsiders.
Print driver vulnerabilities
One major reason print drivers are vulnerable to cyberattacks is that, because of the way Windows handles driver deployment in point-and-print networks, they must be implemented as a shared resource. Print driver files are stored on a server; clients request them, and they are delivered. If a print server is compromised, the attacker can piggyback on the print drivers to reach client systems.
Additionally, vendor drivers typically utilize SNMP for print queue configuration. SNMP and other commonly used protocols are insecure and vulnerable to man-in-the-middle attacks through file replacement, proxy monitoring, or other means—providing attackers the ability to compromise the integrity of the server and the base for lateral movement and privilege escalation across the network.
Even with driver management software, IT staff remain highly dependent on vendor print drivers that utilize SNMP, so the risk of a bad actor propagating a malicious payload to all clients remains.
Print queue vulnerabilities
Print queues are created as shared resources in a traditional Windows environment, opening the entire network to unnecessary risks. A cloud-based print management solution eliminates print servers and shared print queues, eliminating these risks.
Another major security gap is often found in the “print spooler,” which is software that temporarily stores print jobs in a print server’s memory until the printer is ready to print them. This software is enabled by default on Microsoft Windows servers.
Microsoft frequently releases patches to fix vulnerabilities in the spooler, but some slip through, leaving the print queue exposed. An attacker can exploit a local privilege escalation (LPE) vulnerability and execute malicious code through the print spooler service.
That’s the problem at the heart of the infamous PrintNightmare vulnerability, which emerged in mid-2021 and affected all devices running Windows 7 and later. Once attackers breach the security perimeter, they are able to perform operations with system-level privileges. This lets them access, edit, and delete sensitive data, and even install new programs, with potentially devastating effect.
The flaw was discovered and a patch was issued. But additional vulnerabilities have been discovered since, and it’s virtually certain that problems will keep emerging over time. Constant vigilance is required unless a company makes the decision to migrate away from traditional print infrastructure to a cloud print management system.
Employee negligence is one of the most mundane, yet common security risks—people often leave printed documents lying in the printer tray unattended for anyone to copy, read, or take from the office (on purpose or accidentally).
Moreover, most hacks and malware insertions are enabled by human error. In the traditional network model where the entire network is protected by one verification point (user login credentials or a perimeter firewall), an attacker can leverage the inherent trust of the compromised endpoint to move laterally across the network to access sensitive data.
Print Cybersecurity in the Cloud vs. On-Premises
With cyberattacks increasing in both number and intensity, as well as the growing prevalence of the distributed workforce model, the one-size-fits-all security solution of a centralized work location is no longer realistic.
Migrating print workflows to the cloud can help enhance your security posture. Through the cloud, enterprises can also simplify print administration, making it easier, cheaper, and more secure for employees to be able to print from anywhere.
What Is Serverless Printing?
Serverless printing is printing that happens without traditional print servers, typically enabled by the cloud. Traditional on-premises print infrastructure relies on print servers to solve several problems in larger environments, including managing requests from many print users and the ongoing hassle of managing and updating print drivers on individual computers.
Print servers offer centralized print management and better control but are still inefficient and expensive to manage. Plus, print servers can pose a security risk.
Serverless printing provides a best-of-both-worlds solution, taking all the advantages of on-premises print servers to the next level while eliminating the disadvantages.
Zero Trust Security and Printing
The premise of zero trust is that no user, device, or application can gain access to network resources without first proving the required level of security and authorization. The zero trust concept centers around a “never trust, always verify” perspective. You view each element as a danger, so each device, user, or application has to prove otherwise before they’re allowed to interface with your data and resources.
This eliminates unrestricted lateral movement across the network and reduces the risk of an endpoint being compromised and providing a path to propagate a malicious payload to other endpoints.
Even before the global pandemic struck, organizations were increasingly moving to Internet-only configurations for at least some segments of their network. Now that most companies have a largely remote workforce, which some companies believe is a permanent change, the Internet-only network is quickly becoming an important facet of the zero-trust strategy.
This is completely different from the traditional “castle and moat” network configuration which relies on perimeter security and assumes that everyone (and every device) inside the network is a trusted entity.
The fundamental problem with the castle and moat concept is that it makes every endpoint on the network a prime target for attackers. Once an attacker compromises an endpoint, they are essentially inside the network, and therefore every node on that network—every workstation, every server, every printer, every database—becomes easy prey.
A core element of a zero trust environment is least privilege, which sets permissions only according to what users need to do their jobs. As Senior Solutions Architect for Pharos John Janikowski puts it, “The policy is going to define which members need access to which resources. And it’s going to be based on the business process, the acceptable level of risk that we can have.”
Another way of thinking about zero trust is from the perspective of one of its nicknames: “perimeterless security.” While “never trust, always verify” provides a high-level view of the concept, the moniker “perimeterless security” highlights the topological ramifications.
Zero trust moves away from an approach that presumes perimeter security—implemented using a firewall—is enough to protect your environment. This makes it necessary to position security mechanisms around each individual device, user, and application—as well as other networks. By assuming that each protected area is both a threat and an attack surface, zero trust provides comprehensive, strategically redundant protective measures.
John further illustrates why this approach is necessary. Once an attacker gets through the perimeter, they can move laterally—east to west—to “access any other resource that’s inside the network.” By requiring authorization even within the network, you can prevent an attack from spreading from one segment of your network to another.
The Printing Environment and Zero Trust
Print has been an overlooked component of most organizations’ security strategies, but that should not be the case. This is particularly true considering organizations’ continued adoption of remote work and the increasing number of printer-related threats, such as PrintNightmare.
Reasons why you should adopt a zero trust security approach to printing include:
- To leverage verification and authentication processes because hackers can use your print infrastructure to spread malware
- To implement endpoint validation prior to allowing a device to connect because an attacker can present authentication credentials even though they’re using a different device to attack your network
- To use zero-knowledge encryption that keeps your data hidden from everyone except you, including service providers. This can help block an attack coming from the provider’s side of the interaction. You secure your environment “by ensuring that eavesdroppers who are watching over that session aren’t able to see the data that’s being passed back and forth”
- To implement end-to-end encryption and ensure anyone trying to intercept or spy on your data can’t read it
Pharos focuses on seven tenets of Zero-Trust and Printing:
- All Communication Is Secured Regardless of Network Location – This means that even if the communication is coming from within your own network, it’s presumed to be a threat. By verifying the authenticity of the person and device connecting, you can protect your network from people who have gotten into your building or past your firewall.
- All Data Sources and Computing Services Are Considered Resources – Designating both data sources and computing services as resources makes them all subject to authentication and verification. By distrusting even data sources that have proven to be safe in the past, you can stop attacks from hackers that have since found a way of exploiting them.
- Access to Individual Enterprise Resources Is Granted on a Per-Session Basis – By only granting access per session, you avoid the trap of trusting that a resource remains safe over time. By verifying each resource before every session, you can stop an attacker pretending to be an authorized individual.
- Access to Resources Is Determined by Dynamic Policy and May Include Other Behavioral Attributes – A dynamic policy regarding how resources can be accessed does several things, primarily:
  - Makes it harder for an attacker to guess which kinds of credentials or questions they will be asked when trying to log in
  - Makes it less likely for an attacker to bypass the system because it flags both inauthentic credentials and suspicious behavior. For instance, if someone tries to connect from a strange location, the system can identify this behavior and block access to the resource
  - Makes access more difficult for an attacker by forcing them to provide additional credentials based on behavior. For example, if an attacker takes a guess at a password but gets it wrong, the system can require that additional credentials be presented
- All Assets Are Secured and Monitored – Ensuring every device that interacts with your network has the appropriate security controls makes it harder for hackers to identify “low-hanging fruit,” or those devices that are trusted by the system and are easy to hack. John breaks this down this way: “The enterprise assures that all owned devices and associated devices are in the most secure state possible.” That’s a good first step, but he adds that the organization has to “monitor the assets to ensure they remain in the most secure state possible.” To be effective, this needs to include all personal and Internet of Things (IoT) devices.
- Resource Authentication and Authorization Is Dynamic and Strictly Enforced – If your authentication and authorization processes are dynamic, an attacker can’t use access credentials that worked in the past. This is because these credentials can be changed from one session to another. For example, if your system uses cryptography to generate a per-session authenticator, every session gets its own unique token that serves as the access credential.
- Infrastructure Communication and Connection Data Is Collected and Analyzed – By collecting data regarding the state of your network infrastructure, you make it easier to spot anomalies, as well as identify the strong and weak elements of your security architecture. In addition, in the event of a breach, your data serves as the foundation for post-mortem analysis, making it easier to determine what went wrong and address the vulnerability.
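As an added example (not code from the page or from Pharos), the script below applies the tenets above to a single action, releasing a held print job at a device: a dynamic policy combines identity with device and behavioral signals (enrolled device, expected site, a recent failed login) to allow, demand step-up authentication, or deny, and an allow mints a short-lived HMAC token bound to that user, device and session. The users, devices, sites, key and TTL are constructed assumptions.

```python
"""Per-session, policy-driven print release (added example, not Pharos code).

A release request is evaluated against a dynamic policy; only an 'allow'
yields a per-session authenticator that the device verifies before printing.
All identities, devices, sites and the server key are constructed samples.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

SERVER_KEY = secrets.token_bytes(32)  # constructed; a real deployment manages and rotates this
SESSION_TTL = 120                     # seconds a release token stays valid (assumed)


@dataclass
class ReleaseRequest:
    user: str
    device_id: str      # device presenting the credentials (badge reader, workstation)
    site: str           # site the request arrived from
    password_ok: bool
    mfa_ok: bool = False


@dataclass
class PolicyState:
    enrolled_devices: Dict[str, Set[str]]   # user -> devices they may release from
    home_sites: Dict[str, Set[str]]         # user -> sites where release is routine
    failed_logins: Dict[str, int] = field(default_factory=dict)


def decide(req: ReleaseRequest, state: PolicyState) -> str:
    """Dynamic policy: returns 'allow', 'step_up' or 'deny'."""
    # Valid credentials presented from a device the user never enrolled are refused.
    if req.device_id not in state.enrolled_devices.get(req.user, set()):
        return "deny"
    if not req.password_ok:
        state.failed_logins[req.user] = state.failed_logins.get(req.user, 0) + 1
        return "deny"
    # Behavioral attributes: an unusual site or a recent wrong guess raises the bar.
    suspicious = (req.site not in state.home_sites.get(req.user, set())
                  or state.failed_logins.get(req.user, 0) > 0)
    if suspicious and not req.mfa_ok:
        return "step_up"
    state.failed_logins[req.user] = 0
    return "allow"


def issue_session_token(user: str, device_id: str, now: Optional[int] = None) -> str:
    """Mint a one-session authenticator: user|device|issued_at|nonce|mac."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    body = f"{user}|{device_id}|{issued}|{nonce}"
    mac = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def verify_session_token(token: str, user: str, device_id: str,
                         now: Optional[int] = None) -> bool:
    """Accept only an intact token bound to this user and device that has not expired."""
    current = int(time.time() if now is None else now)
    try:
        t_user, t_dev, t_issued, nonce, mac = token.split("|")
        issued = int(t_issued)
    except ValueError:
        return False
    body = f"{t_user}|{t_dev}|{t_issued}|{nonce}"
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return False
    return t_user == user and t_dev == device_id and 0 <= current - issued <= SESSION_TTL


def release_job(req: ReleaseRequest, state: PolicyState) -> Tuple[str, Optional[str]]:
    """Evaluate policy for one release; only an 'allow' yields a session token."""
    decision = decide(req, state)
    if decision != "allow":
        return decision, None
    return decision, issue_session_token(req.user, req.device_id)
```

A token never outlives its session, so credentials captured from one release cannot be replayed for the next, and a failed password guess forces step-up on the following attempt even when the password is then correct.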
Not all print management solutions support zero trust, with only a few enabling employee printing in a comprehensive zero trust ecosystem. For instance, most organizations still use insecure RAW or LPR protocols to deliver jobs, both of which have been used to hack printers for years. Also, organizations that still rely on traditional print processes using servers and queues often don’t have client authentication measures in place. This means that even if the organization’s security team had implemented zero trust across the rest of its IT infrastructure, they wouldn’t be able to use zero trust policies to secure their printing environment.
How Zero Trust and Cloud Printing with Pharos Help Enterprises Stay Secure
Cybersecurity and document security in this volatile environment must be constantly evolving to meet new threats. The explosive growth of remote working has only worsened the problem. A well-designed cloud print management platform eliminates print servers, dramatically reduces the total attack surface, and strengthens your cybersecurity posture.
- Encrypts data while in transit using Transport Layer Security (TLS) between all endpoints
- Focuses on protecting individual resources, such as the user’s workstation and printer, instead of network segments
- Verifies the identity of the user before allowing them to print by checking for an identity token and requiring additional authentication if necessary
- Keeps user identities stored securely in the cloud using non-reversible hashes
- Performs regularly scheduled vulnerability testing and proactive patch management
- Isolates data within the cloud using a tiered application structure that leverages zero knowledge encryption so bad actors cannot access your secured data
- Ensures authorized organization access by controlling access to print devices and making sure that communications are only initiated from authorized endpoints to the cloud
- Reduces the danger of misplaced employee cards by enabling the removal of the ID badge registration
- Does not depend on insecure protocols that hackers can exploit—Pharos Cloud encourages users to disable them and checks to make sure they’re not being used
- Verifies that the destination printer is the intended endpoint before sending the document to it from the workstation or the cloud
Even after a device is secured, it’s important to remember that a factory reset returns the device to its open state. These factory resets often occur after a major service event. Every organization should review their security policy with regard to their device fleet and printer configuration. Creating and maintaining such a policy across the organization will make it easier to enforce standard configurations across the fleet from the time of deployment all the way to decommission.
In today’s world of remote workers, increasing cybercrime, and too many unknowns, zero trust is emerging as the new standard for organizational security and infrastructure. The premise of zero trust is that no user, device, or application can gain access to network resources without first proving the required level of security and authorization. This eliminates unrestricted lateral movement across the network and reduces the risk of an endpoint being compromised and providing a path to propagate a malicious payload to other endpoints. Pharos’s cloud platform supports zero-trust implementations.
Tips for Avoiding Costly Breaches Before They Happen
There are a number of proactive steps that you can take to prevent a print-based breach from occurring within your organization. After all, it’s infinitely easier to provide security upfront that thwarts an attack or prevents an incident, as opposed to trying to fix it after the fact.
Two primary categories are as follows:
Train all employees about security risks and best practices, and empower security staff to make decisions to improve your IT infrastructure. Educating employees about the massive damage a data breach can inflict should convince them to take their role in company-wide security efforts seriously.
Training should entail more than bulletins or informational emails. Make every department aware that security is a top priority, and make sure everyone understands the company’s security policies. As the world continues to progress toward an even more digital society, choosing not to prioritize security in all its many facets is risky business. You don’t want to lose your customers’ trust or let valuable information fall into the wrong hands.
Technology, like Secure Pull Printing
Deploying technology that forces employees to enter their network credentials at office printers before they can receive their documents — secure pull printing — eliminates piles of forgotten documents and prevents sensitive information from being accessed or picked up by passersby. This is especially beneficial in the financial and healthcare industries, where sensitive information is handled routinely.
In a secure printing environment, employees print to a secure network queue and then use their access card or login credentials to release (“pull”) their documents at any network printer.
The old way is to allow employees to print directly to a specific printer for immediate output, but this introduces a lot of risk and waste.
Here is a growing list of measures you can take to secure your print environment:
Remove the need for TCP port access. Understand that the problem with shared print queues is that they require access to specific Transmission Control Protocol (TCP) ports. That brings with it access to hidden shares and folders within the operating system. This is a recipe for disaster and a potential goldmine for hackers to exploit. By moving print operations to the cloud, you are able to simplify those types of configurations, eliminate the need for vulnerable TCP ports, and dramatically enhance security.
Remove the threat of legacy protocols. Another weakness inherent to the point-and-print system is the number of legacy protocols that are enabled by default. After all, Windows has essentially been running the same system since the 1990s. While there is no doubt that it does simplify integration with older systems, the downside is that it opens an opportunity for attackers to exploit the inherent weaknesses in older protocols. Legacy protocols on your printers must be disabled.
Understand the drawbacks of multi-use servers. Print servers in most organizations are used for a multitude of purposes, including file sharing. Very few companies have the budget and discipline to use a print server for one dedicated purpose. The downside of a shared print server is that it opens up the potential for vulnerabilities or misconfiguration of Access Control Lists (ACLs) or Active Directory group memberships that allow unauthorized users access to the print server function. Organizations that can afford it should consider dedicated print servers with no extra functionality.
Insist on world-class encryption. Robust encryption of data is part of a cloud-based service, and this is something that is simply not available in traditional on-premises printing services where data is sent across the network unguarded.
The long-term solution to all these problems is undoubtedly cloud printing. But this only secures the infrastructure and servers. So how can physical printer security be improved?
Go beyond digital protection and implement a pull printing solution. It’s important not to underestimate the threat that unattended physical printers provide. One of the most serious physical security risks is simply sensitive documents that are left unattended at the device. The solution here is “pull printing,” in which a user walks up to a printer and authenticates at the device before their documents print.
Disable physical ports on the printer. This is to prevent people from inserting USB drives and making personal prints.
It’s critical that you lock down all of your network printers. Start by changing their default admin password. Configure and use each device’s built-in firewall, when available. Shut down any protocols you don’t need. Create an access control list and set a schedule for updating the device firmware (device manufacturers will often issue patches for discovered vulnerabilities; be sure to install these when they become available). Check back regularly to ensure that any “hard resets” didn’t reintroduce open ports and default passwords.
Put your visibility to the test. Check to see whether your printers and other devices are visible to the outside world using tools such as the Shodan search engine for some self-evaluation. These tools allow you to see your security the same way a hacker searching for vulnerabilities on your network would. Then, you can take the appropriate actions based on the results.
When manufacturers make firmware updates available, they often include security patches. Staying on top of these updates is just as important as keeping up with any other security updates on your network. And security steps taken during initial out-of-the-box setup should always be repeated after any major service, as devices are usually subject to factory reset during repairs.
If possible, place the printer in an area with limited public—or even restricted—access, and record exactly who enters and exits the area and when they were there.
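As an added example (not code from the page or from Pharos), the script below turns that lock-down checklist into a repeatable fleet audit: each printer's observed state is compared with an organizational baseline and drift is reported (legacy RAW/LPR/SNMP ports listening, default admin password or SNMP community, stale firmware, and a device serviced since the last audit that came back with defaults). Printer names, ports, versions and snapshots are constructed sample data; in practice the snapshot fields come from your inventory export or a port check of your own devices.

```python
"""Fleet hardening audit for network printers (added example, not Pharos code).

Each PrinterSnapshot is compared with the baseline and every deviation is
returned as a Finding. The fleet at the bottom is constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Services the article calls out as legacy or risky when left on by default.
LEGACY_PORTS: Dict[int, str] = {
    9100: "RAW (port 9100) printing",
    515: "LPR/LPD printing",
    161: "SNMP management",
    23: "Telnet management",
    21: "FTP upload",
}
# The only listener the assumed baseline permits: IPP over TLS.
ALLOWED_PORTS: Set[int] = {631}


@dataclass
class PrinterSnapshot:
    name: str
    open_ports: Set[int]
    admin_password_is_default: bool
    snmp_community: Optional[str]       # None when SNMP is disabled
    firmware: str
    serviced_since_last_audit: bool = False


@dataclass
class Finding:
    printer: str
    severity: str
    detail: str


def version_tuple(version: str) -> Tuple[int, ...]:
    """'2.10.3' -> (2, 10, 3) so firmware versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def audit_printer(snap: PrinterSnapshot, baseline_firmware: str) -> List[Finding]:
    """Return every deviation from the hardening baseline for one device."""
    findings: List[Finding] = []
    for port in sorted(snap.open_ports - ALLOWED_PORTS):
        label = LEGACY_PORTS.get(port, f"unexpected service on port {port}")
        findings.append(Finding(snap.name, "high", f"{label} is listening"))
    if snap.admin_password_is_default:
        findings.append(Finding(snap.name, "critical", "default admin password still set"))
    if snap.snmp_community in ("public", "private"):
        findings.append(Finding(snap.name, "high",
                                f"default SNMP community '{snap.snmp_community}'"))
    if version_tuple(snap.firmware) < version_tuple(baseline_firmware):
        findings.append(Finding(snap.name, "medium",
                                f"firmware {snap.firmware} behind baseline {baseline_firmware}"))
    # Drift on a device that was recently serviced is the factory-reset case the
    # article warns about: escalate so the out-of-the-box setup steps are repeated.
    if snap.serviced_since_last_audit and findings:
        findings.append(Finding(snap.name, "critical",
                                "drift after service event: probable factory reset"))
    return findings


def audit_fleet(fleet: List[PrinterSnapshot], baseline_firmware: str) -> Dict[str, List[Finding]]:
    """Audit every device; printers with no findings are left out of the report."""
    report: Dict[str, List[Finding]] = {}
    for snap in fleet:
        findings = audit_printer(snap, baseline_firmware)
        if findings:
            report[snap.name] = findings
    return report


# Constructed sample fleet: one hardened device and one just back from repair.
SAMPLE_FLEET = [
    PrinterSnapshot("mfp-finance-01", {631}, False, None, "2.10.3"),
    PrinterSnapshot("mfp-lobby-02", {631, 9100, 515, 161}, True, "public", "2.9.0",
                    serviced_since_last_audit=True),
]

if __name__ == "__main__":
    for name, findings in audit_fleet(SAMPLE_FLEET, "2.10.0").items():
        for f in findings:
            print(f"{name}: [{f.severity}] {f.detail}")
```

Run on a schedule, the report doubles as the "check back regularly" step: a device that was clean last month and now lists RAW or a default password has almost certainly been reset.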
Pro Cybersecurity Tip: Leveraging Industry Standards
Leverage industry standards for protocols and best practices to gain an understanding of the evolving security landscape. Standards and organizations such as PCI DSS, HIPAA, OWASP, and NIST provide a lot of resources to help you understand and implement security best practices throughout your organization. And it’s not enough to just follow these guidelines like a list of chores; your entire organization must embrace them and make security part of its mindset.
What Steps Should You Take After a Breach?
It’s important to have a plan of action in place so you can respond effectively to a data breach. It’s too late to try to come up with an effective response when it happens, in the pressure of crisis. Rather, be proactive and establish a chain of command so that everyone knows what is expected of them when it happens.
Use these four steps as the basis of formulating a plan that works for you:
- Take the printer offline immediately and secure physical access to the device.
- Assess what data was uncovered and what information has been made vulnerable.
- Alert all affected parties and customers about what has happened and that they may be vulnerable to hackers.
- Change all the passwords that allow access to that printer.
The Advantages of Cloud Printing Extend Beyond Security
In this article, we’ve taken a close look at the security benefits that come from transferring your print infrastructure to the cloud, but in fact, there are many other benefits from a successful cloud migration.
Not only do you dramatically reduce your IT infrastructure, maintenance, and printing costs but you also gain a better understanding of what’s going on in your printing operations, and how to manage them better. You can track printing metrics across the entire organization and gain useful insights into how, when, and where your printing budget is being used.
When you look at the big picture, it becomes clear that there’s never been a better time to move your printing services from a Windows-based action to a service that operates from the cloud. When you combine the robust security of cloud printing with its affordability, ease of use, and overall sustainability, the path forward for all your printing needs becomes obvious.
It’s important to review your network security. In our work with customers, we too often find that thousands of printers are unknowingly visible from the internet because of inadequate network security. This oversight is what made the aforementioned hack at several U.S. universities possible. You can use the Shodan search engine or similar online security tools to identify vulnerable network devices across your organization.
As your organization continually refines its security strategy to stay current with evolving threats, make certain that securing your print environment is a priority. Making these security considerations a standard part of your processes will help you to make informed decisions and take appropriate actions to address the diverse and ever-evolving threats out there.
Connect with a Pharos print security expert and request a demo today. It’s the easiest and quickest way to ensure that your print program is secure and that you’re going the right way on your journey into the cloud.