As we enter 2022, the time is ripe for an important reminder... How secure are your network peripherals really?
With so many connected devices on our corporate networks these days, it is easy to overlook some of them – and every overlooked or unsecured device represents a security risk and a way into your network.
As we go into the new year, the problem of unsecured network peripherals is being pushed back to the top of the agenda – and, yet again, it’s printers that are making the headlines.
In November 2021, IT publication The Register(1) revealed that more than 150 models of HP printers are exposed to two significant vulnerabilities.
Finish security company F-Secure Labs found that the exploitable flaws could allow attackers to seize control of vulnerable devices, steal information and further infiltrate networks.
F-Secure Labs highlighted several exploit examples, including tricking the target organisation into visiting a malicious website. Once there, printers would print a document from the site containing a “maliciously crafted font” which gives the attacker code execution privileges on the printer.
As well as stealing copies of documents subsequently printed on the machine, it could be used as a toehold for further illicit network access.
F-Secure Labs said, “to make matters worse, many organisations don’t treat printers like other types of endpoints. That means that IT and security teams forget about these devices’ basic security hygiene, such as installing updates.”
If you have one of the 150+ affected models of HP multi-function printers – and the researchers say many organisations will do – it’s important to check and update the device.
Forbes magazine(2) has reported that “any device connected to the Internet will need updating as soon as an update is released to keep it secure”, acknowledging that, “Printers make easy targets due to their long lifespan, during which they may become outdated and insecure.”
Check the two security updates from HP
• HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers(3), and
• LaserJet, LaserJet Managed, PageWide, PageWide Managed printers - Potential buffer overflow(4)
and make sure your devices are patched appropriately.
The latest news about the HP printers highlights the ongoing need to manage all connected devices effectively.
As we’ve noted previously, the explosion of the Internet of Things and the increasing number of connected devices across our networks makes this an increasingly difficult – and important – task.
Security firm Kaspersky advises that, worldwide, 127 new devices are connected to the Internet every second. And, as the number grows, the devices are an increasingly popular target for cyber criminals.
Kaspersky’s research, as reported in Tech Radar(5), has shown that between 2020 and 2021, the number of attacks against IoT devices more than doubled.
According to Infosecurity magazine(6), most of the attacks (58 percent) were attempted using the Telnet protocol, with the rest using SSH (34 percent) and web channels (8 percent). Once compromised, the devices can be conscripted into botnets to mine illegally for crypto currencies, launch DDoS attacks, steal personal data and other nefarious activities.
Following its research findings, Kaspersky stated: “We’ve observed how attacks against smart devices intensified during the past year. Most of these attacks are preventable. That’s why we advise smart home users to install a reliable security solution, which will help them stay safe.”
However, many IoT devices don’t support traditional endpoint security solutions. For smart home solutions, this means that security solutions must be plugged in at the network layer.
Kaspersky also recommended rebooting any devices that are behaving oddly or show signs of being compromised, as this can sometimes eliminate the malicious code.
To protect your devices moving forwards, you should:
• Change any default passwords to stronger, more complex credentials.
• Maintain prompt patching of any firmware updates.
• Monitor announcements (such as that of the HP printers) so you can patch promptly when vulnerabilities are discovered.
• Install an effective endpoint manager to monitor and protect devices.
• Turn off all the features that you are not using on each device, especially those related to network access (e.g. Bluetooth connectivity, etc).
The UK’s National Cyber Security Centre (NCSC)(7) has published detailed guidance about the risks that network peripherals and connected devices can create. We highly recommend that you familiarise yourself with these risks and then review device policies accordingly.
This way, you know whether your devices are secured to meet today’s security threats.
Enforcing policies through an effective endpoint manager
Your choice of endpoint management solution will have a significant impact on your successful mitigation of threats and vulnerabilities.
We recommend two solutions:
• Microsoft Endpoint Manager provides unified endpoint management of corporate and BYOD devices of all kinds in a way that protects corporate data. Together with Microsoft Intune, it enables you to set application and usage policies that match your organisation’s own risk appetite.
• BitDefender Gravity Zone, a highly rated anti-virus solution which is cost-effective for small to medium-sized businesses that don’t have enterprise-grade Microsoft licence agreements in place.
If you aren’t using one of these two solutions already, we highly recommend that you speak with our team about implementing one of them as soon as possible.
If you’d like further advice about endpoint security – or details about other ways to protect your network, devices, people and organisation – please get in touch with the Grant McGregor team.
You can contact us on 0808 164 4142 or book a chat below:
Read up on our IoT security tips for SMEs for essential guidance on how to protect devices across your network.
Learn more about the Bitdefender solution for endpoint security.
Or read our Q&A session about the growing attack surface resulting from the Internet of Things.