Researchers have discovered a new type of DDoS attack against internet-connected printers, putting IoT cybersecurity risks back in the spotlight. They have warned that printers that are not routinely configured and use the bare minimum of security are vulnerable to a new class of attacks known as Printjack.
According to an Italian research team, a large number of printers are publicly exposed on the internet, making it simple for attackers to remotely send malicious data. Because there is no authentication process to verify the data sent, printers may suffer from other vulnerabilities that may turn out to be exploitable, even remotely. Researchers also point out that many of these printers fail to meet cybersecurity and data privacy standards intended for IoT devices.
Overall, the lack of built-in security can lead to a slew of new attacks, such as enlisting printers in DDoS swarms, imposing a paper DoS state, and violating privacy. Printers that are subjected to these attacks, known collectively as Printjack, are more likely to become unresponsive, consume more power, and generate more heat, with their performance degrading in the days that follow.
In the first type of Printjack attack, threat actors use a known RCE vulnerability (CVE-2014-3741) to enlist printers into a botnet capable of launching DDoS attacks. The second type of attack is a ‘paper DoS attack,’ which is carried out by repeatedly sending printing jobs to the victim printer until it runs out of paper. As a result, service outages may occur. The third type of Printjack attack is the most severe because it can be used to carry out MitM attacks and eavesdrop on printed material.
While there is no evidence of threat actor attacks, telemetry shows that approximately 50,000 printers are exposed online in just the top ten European countries. TCP port 9100 can be used to connect to these printers.
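As an added example (not from the researchers or the original article), the following Python code shows how a defender might check flow logs for two of the conditions described above: connections to TCP port 9100 from outside an approved address range, and a burst of connections that could indicate a paper DoS. The log format, addresses, function name and thresholds are constructed assumptions, and each connection to port 9100 is assumed to approximate one print job.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

RAW_PRINT_PORT = 9100  # raw-print TCP port named in the article

# Constructed sample flow records: ISO timestamp, source IP, destination IP, destination port.
SAMPLE_FLOWS = """\
2024-05-01T09:00:00,10.0.5.10,10.0.9.20,9100
2024-05-01T09:00:05,203.0.113.7,10.0.9.20,9100
2024-05-01T09:01:00,10.0.7.44,10.0.9.21,9100
2024-05-01T09:01:02,10.0.7.44,10.0.9.21,9100
2024-05-01T09:01:04,10.0.7.44,10.0.9.21,9100
2024-05-01T09:01:06,10.0.7.44,10.0.9.21,9100
2024-05-01T09:02:00,10.0.5.10,10.0.9.20,443
"""


def audit_raw_print_flows(text, allowed_sources, burst_threshold=4, window_seconds=60):
    """Return (unauthorized, bursts): sorted (src, dst) pairs seen on TCP 9100."""
    allowed = [ipaddress.ip_network(n) for n in allowed_sources]
    window = timedelta(seconds=window_seconds)
    unauthorized = set()
    times = defaultdict(list)

    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = (f.strip() for f in line.split(","))
        if int(port) != RAW_PRINT_PORT:
            continue
        # Signal 1: source address is outside every approved network.
        if not any(ipaddress.ip_address(src) in net for net in allowed):
            unauthorized.add((src, dst))
        times[(src, dst)].append(datetime.fromisoformat(ts))

    # Signal 2: burst_threshold or more connections inside one sliding window.
    bursts = set()
    for pair, stamps in times.items():
        stamps.sort()
        start = 0
        for end, stamp in enumerate(stamps):
            while stamp - stamps[start] > window:
                start += 1
            if end - start + 1 >= burst_threshold:
                bursts.add(pair)
                break
    return sorted(unauthorized), sorted(bursts)
```

The two signals are independent: an internal host can trigger the burst check while still being inside the approved range.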
Printers are among the lesser-known threats on any network, and organisations frequently ignore them when securing endpoint systems. If not properly secured, these devices can provide a backdoor for cybercriminals. In one recent instance, cybercriminals used a critical PrintNightmare vulnerability to infect victims with ransomware. The flaw affected the Windows Print Spooler Service, which manages printing jobs within the Windows operating system.
Researchers argue that printers should be secured in the same way that other network devices such as laptops are. As a result, printer manufacturers must improve the security and data handling processes of their products. Similarly, users and businesses must do their part by restricting privileged access.