IoT cybersecurity risks are in the headlines again as researchers uncover a new type of DDoS attack against internet-connected printers. They have warned that printers, which are not routinely configured and run with minimal security, are exposed to a new set of attacks dubbed Printjack.
What’s the new update?
According to a team of Italian researchers, a large number of printers are publicly exposed on the internet, making it easy for attackers to send malicious data remotely.
Due to the lack of an authentication process to verify the sent data, printers may suffer other vulnerabilities that may turn out to be exploitable - even remotely.
Researchers further highlight that many of these printers fail to comply with cybersecurity and data privacy requirements meant for IoT devices.
All in all, this lack of in-built security can lead to a series of new attacks that include recruiting the printers in DDoS swarms, imposing a paper DoS state, and performing privacy breaches.
Printers that fall victim to these attacks, collectively called Printjack, are more likely to become unresponsive, consume more power, and generate more heat, with their performance degrading over the following days.
More deets about the attack
In the first type of Printjack attack, threat actors exploit a known RCE vulnerability (CVE-2014-3741) to recruit printers into a botnet for launching DDoS attacks.
The second attack is a ‘paper DoS attack’ and can be achieved by sending repeated printing jobs until the victim runs out of paper. As a result, this can lead to service downtime.
The third type of attack is the most severe of all Printjack attacks as there’s the potential to carry out MitM attacks and eavesdrop on the printed material.
How widespread is it?
While there is no evidence of attacks by threat actors, telemetry shows that around 50,000 printers are exposed online in the top ten European countries alone.
These printers can be accessed through TCP port 9100.
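The paper DoS described above appears in logs as one source sending many jobs or pages to a printer's TCP port 9100 in a short time. The following is an added example, not code from the researchers, that flags such sources; the log format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, printer IP, destination port, pages.
# The format is hypothetical; adapt parse() to your firewall or print-server logs.
SAMPLE_LOG = """\
2021-11-22T09:00:00 10.0.0.15 10.0.5.20 9100 2
2021-11-22T09:00:05 10.0.0.66 10.0.5.20 9100 50
2021-11-22T09:00:10 10.0.0.66 10.0.5.20 9100 50
2021-11-22T09:00:15 10.0.0.66 10.0.5.20 9100 50
2021-11-22T09:00:20 10.0.0.23 10.0.5.21 9100 80
2021-11-22T09:03:00 10.0.0.15 10.0.5.20 9100 4
2021-11-22T09:03:30 10.0.0.66 10.0.5.21 631 50
"""

def parse(line):
    """Split one log line into typed fields."""
    ts, src, dst, port, pages = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), int(pages)

def detect_paper_dos(lines, window=timedelta(seconds=60), max_jobs=5, max_pages=100):
    """Return sorted (source, printer) pairs that exceed the job or page
    threshold inside a sliding time window. Lines must be in time order."""
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, pages)
    flagged = set()
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port, pages = parse(line)
        if port != 9100:  # only raw printing traffic is considered here
            continue
        jobs = recent[(src, dst)]
        jobs.append((ts, pages))
        # Drop jobs that have aged out of the window.
        while ts - jobs[0][0] > window:
            jobs.popleft()
        if len(jobs) > max_jobs or sum(p for _, p in jobs) > max_pages:
            flagged.add((src, dst))
    return sorted(flagged)

if __name__ == "__main__":
    for src, printer in detect_paper_dos(SAMPLE_LOG.splitlines()):
        print(f"possible paper DoS: {src} -> {printer}:9100")
```

Tune the window and thresholds to the normal print volume of the environment, since a single large legitimate job can exceed a low page limit.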
Not a new problem
When it comes to securing endpoint systems, printers are among the least-recognized threats on any network, and organizations often ignore them.
These devices can open a backdoor for cybercriminals if not properly remediated.
In one such recent incident, cybercriminals exploited the serious PrintNightmare vulnerability to infect victims with ransomware.
The flaw affected the Windows Print Spooler Service that controls the printing jobs taking place within the Windows operating system.
The bottom line
Highlighting the lack of security for printers, researchers state that printers ought to be secured akin to other network devices such as laptops. Therefore, printer vendors need to upgrade their devices’ security and data handling processes. Similarly, users and businesses must do their part by limiting privileged access.