Home STAY CURRENTArticles How Printjack Attacks can Turn Printers into Botnets for Launching DDoS Attacks

How Printjack Attacks can Turn Printers into Botnets for Launching DDoS Attacks

by CISOCONNECT Bureau

Recently, a group of cybersecurity researchers discovered three attacks called “printjacks” to warn people of the security risks of trusting printers.

A group of Italian cybersecurity researchers have discovered a series of three “printjacks” attacks to warn people about the cyber risks of trusting printers. Attacks involve recruiting printers with DDoS swarms, imposing paper DoS states, and violating privacy, according to Bleeping Computer.

Security experts say modern printers are still vulnerable to basic flaws and cannot keep up with other IoT and digital devices that have begun to adhere to cybersecurity and data privacy regulations.

After assessing the cyberattack, security redearchers discovered a breach of the GDPR regulations as well as ISO / IEC 27005: 2018, which is a framework for managing cyber risk. The lack of built-in protection is extremely concerning given the ubiquitous usage of printers in critical areas, businesses, and companies of all kinds.

Research Findings
According to a study prepared by Giampaolo Bella and Pietro Biondi titled ‘You Overtrust Your Printer’, the researchers explain how the search engine Shodan was used to search for devices having a publicly available TCP port 9100, which is usually used for raw TCP/IP printing jobs. These devices were located in several European countries.

Thousands of IPs responded to the port inquiry after the scan, with the most vulnerable devices located in Germany, Russia, France, the Netherlands, and the United Kingdom.

While port 9100 can be used for a various purposes other than printing, it is the default port for that service, therefore the vast majority of these responses are most likely linked to printing.

Types of Attack
First Type of Attack: The first sort of Printjack attack, according to BleepingComputer, is to use a known RCE vulnerability with a publicly available PoC to recruit the printer in a DDoS swarm.

The CVE-2014-3741 is used by experts as an example, but there are at least a dozen of other vulnerabilities in the MITRE database, according to the experts.

Given that the top ten EU countries alone have 50,000 vulnerable machines, recruiting them for DDoS attacks isn’t out of the question.

Printers that have been impacted are more likely to become unresponsive, dissipate more energy, and generate more heat, and their electronics will deteriorate more quickly.

Second Type of Attack: The second type of attack is known as a ‘paper DoS attack,’ and it involves sending numerous print jobs until the target’s trays are empty of printing papers. The organisation could experience severe disruption in this circumstance.

This type of attack, according to researchers, is easy to carry out by writing a simple Python script that runs inside the victim system and creates a thousand-times-repeating printing job loop.

Third Type of Attack: There is a possibility of “man in the middle” cyberattack and monitoring of printed documents in this type of serious Printjack attacks. This is because no printing information is encrypted and if a threat actor exploit security flaws in the printer’s network, they could potentially retrieve data in plaintext format.

Lack of Adequate Security Measures for Printers
In recent years, the lack of proper security measures for printers has been highlighted several times, particularly after printers became internet-connected.

On both the hardware and software levels, printer vendors must improve the security and data handling operations of their devices.

Additionally, users and organizations should avoid regarding printers as a minor component of their daily computing, assuming incorrectly that these devices offer no serious cybersecurity risk to them or their data.

Staying Secure
So, how can we secure the printers and prevent all these attacks? The most crucial thing, without a question, is to maintain the printer up to date. We must always install the most latest versions as well as any available security patches pertaining to the printer. Only then can the devices be adequately secured.

Not only must we make effective use of the printer, but we must also make good use of other devices. The network to which it is connected, as well as the rest of the devices, should be secured. A genuine antivirus, for example, can be quite useful for the security of computers and ensure that they are not used as gateway to printers.

Recommended for You

Recommended for You

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Close Read More

See Ads