“Printers Beware”

  • 13

“Printers Beware”

Dear Blast Readers,

 

Did you know that 54% of employee’s say that they do not always follow the security policies put into place by their company’s Information Technology departments? * Did you know that about 51% of employees who have a printer, copier, or a multi functioning printer (MFP) at their work place say that they have copied, printed, and/or scanned confidential documents at work before? *

 

With cyber threats on the rise, it is not a shock that even printers are not safe from cyber attacks and data breaches. If a printer is connected to a wireless network and is unsecure, then it is open to hacking. Once compromised, other devices connected to the same network are left vulnerable.

 

How can a hacker gain access to a network using an unsecure printer?

 

One way a hacker can gain access to your unsecured printer is if the firmware is out-of-date. This allows the system to accept malicious lines of code. The hacker can then use the code to gain access to:

  • Print Jobs.
  • The user’s computer.

 

Another way a hacker can gain access to your unsecured printer is using a drone. Along with a drone the hacker would need a mobile phone and two applications. The two applications would do the following:

  • The first application identifies all wireless printers
  • The second application deploys malware into the printers.

 

So how does this type of drone attack occur?

 

Firstly, the hacker would fly a drone using a smart phone into position outside of an office building. Once into position, the hacker activates the two applications. Once the first application scans for open Wi-Fi printers, the second application establishes a fake access point (one that mimics the real device). Once established, the fake access point is then able to intercept documents that have been sent to the real device. With network access gained, the hacker can then in-bed malware into the company’s network.

 

When malware is installed within the network, hackers can gain access to your servers and documents by:

  • Accessing sensitive and/or confidential information.
  • Changing the printer’s settings or LCD readout.
  • Launching DoS attacks (Denial-of-service attacks).
  • Using the printer to receive and transmit faxes.
  • To send unauthorized print jobs.
  • Retrieving saved copies of documents.
  • Eavesdropping on network printer traffic.

 

To take preventative measures against attacks on your printers Some typical prevention procedures include, but are not imited to:

  • Educating Employees on the importance of security
  • Defining what constitutes a secure password
  • User identification (with PINs and other verification) for printer usage.
  • Data encryption protocols (to prevent interception of data across the network).

 

If you any questions relating to Firmware, Network Security, Printer Security, Cyber Security or Computer Forensics contact FDS Global. You can reach us at our office at (954) 727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.

 

 

*(The statistics represented in this blast were identified from: Network, C. (2013, February 07). The Hidden IT Security Threat: Multifunction Printers. Retrieved April 25, 2017, from https://www.forbes.com/sites/ciocentral/2013/02/07/the-hidden-it-security-threat-multifunction-printers/#b615affb615a )*


  • 0

“Cyber Extortion”

Dear Blast Readers,

 

As the number of companies and enterprises whose companies rely heavily on the Internet rises, so does the number of opportunities that the cyber extortionist have. The Extortionists now have more chances to get inside a company’s/enterprises systems and extort their data for money.

cyber-extortion

“Cyber Extortion” can be described as a crime that involves an attack or threat of attack with a demand for money to stop the attack. Cyber Extortion can take on many forms, including then following:

  • Denial of Service Attack, also known as a DoS attack. (A DoS attack is a cyberattack where the cybercriminal looks to make a machine or network unavailable to the intended users. This happens when the cybercriminal temporarily to indefinitely interrupt or suspend services of an internet connected host
  • Ransomware (Ransomware can be defined as a malicious software that has been created to block access to a computer system until the cybercriminal(s) are paid a sum of money.)

 

Most Cyber extortion efforts are started because of a malware infested email and/or compromised website. The website/Email/Email attachment has been infected before the user has opened it. Once the victim has opened the infected URL, Email and/or Email attachment then the device that it has been opened on is infected.

 

Cyber extortion is quickly becoming a permanent feature in the cybercrime community, and it is a feature that can potentially affect any organization, enterprise or business. Even the companies that are best defended do get breached. Those that work with the thought that they are going to be targeted sooner or later, and adapt their techniques are less likely to suffer greatly.

 

The following are suggestions for how your Business, Company, Organization and/or Enterprise can prepare for a Cyber Extortion Attack:

  • Understand the evolving cyber threat your organization faces at granular level. (Who is likely to attack you?, What would they attack?, What is their capability to do so?)
  • Have systems in place that allow you to detect attacks. (If you can stop them this system will allow you to get on the front foot terms of response.)
  • Ensure your critical data is regularly and securely backed up (So you can restore from recent backups if hit with ransomware).
  • Ensure corporate response plans are fit for purpose for likely extortion scenarios. (Make sure these plans are tested and exercised so they operate smoothly if/when there us a crisis.)
  • Do not deal with an extortion attack as an IT Incident. (Make sure you manage the business crisis too.)
  • Ensure that you are able to call a specialist in the event of serious extortion.

 

If you have any questions about “Cyber Extortion” feel free to visit our website at www.FDS.Global, or give our office a call at (954) 727-1957

 

 

 

 

**Relate Material**

To lessen to risk that comes with Cyber Extortion, experts believe (and recommend) for users to educate themselves about Phishing Exploits and back up their devices regularly.

  • To Read FDS Global’s Blast on Phishing, Click Here To Watch—http://bit.ly/2eDfYww
  • To Read FDS Global’s Blast on the importance of backing up your devices, Click Here To Watch—http://bit.ly/2e7MtCj
  • Watch as Robert Moody takes a cell phone and retrieves hundreds of contacts that were thought to be lost, as well as talk about the importance of device backups on “Help me Howard”. Click Here To Watch—http://bit.ly/1XO0iWR