Why CyberNews' Printer Hack Proves You Need a vCIO

Has your printer been hacked recently? As reported by Forbes, approximately 28,000 printers were hacked by the group known as CyberNews. Luckily, CyberNews is comprised of ethical hackers — and rather than causing mayhem, they used a discovered vulnerability to print a document starting with the eerie message, “This printer has been hacked.”

The document explained the vulnerability and offered advice on how to secure it — but these 28,000 printers only scratch the surface of this particular security risk. CyberNews used Shodan, a tool leveraged by both cybersecurity professionals and hackers alike and found that 800,000 printers worldwide had the potential to be hacked using this particular vulnerability.

Those 28,000 printers (27,944 exactly) were the successful targets of a hack focused on 50,000 printers in total, meaning CyberNews saw a success rate of 56%. Expounding upon these findings, it is safe to assume over 400,000 printers are at risk of being hacked using the same exploit — a staggering number of unsuspecting businesses and individuals.

CyberNews’ custom script only targeted printing permissions. A less ethical group of hackers, however, will do the opposite. When thinking about cybersecurity, we all tend to think of passwords, two-factor authentication, EDR anti-virus software, and other complex solutions. Printers, however, are often overlooked — it is just a printer, after all.

WHY PRINTER SECURITY SHOULD BE A PRIORITY

It’s important to note that CyberNews had to take extra care to only gain access to printing permissions. But, even something as relatively benign as printing permissions can spell disaster for your business — a hacker could lock all users from print functions, crippling your operations. Or conversely, force your printer to print full color solid-black pages until it runs out of toner.

The reality, however, is much more grim than imagined. A printer or copier is a networked device like any other. It uses an internet connection to communicate with devices, using your wi-fi connection just like a laptop or mobile device connected to your network.

A printer seems like a low-priority target for hackers, but it is in fact the opposite. A copier is usually accessible to most devices present on your business’ network — meaning that copier has access to those devices as well. If a device has a print driver installed on it, the printer has a way to communicate with that device, thereby giving hackers a route of infiltration.

A printer, much like a wireless router, serves as a connection hub. Rather than connecting to multiple devices a day like a smartphone, multiple devices connect to the printer. This allows the hacker to sit back and wait as unsuspecting devices connect to it throughout the day, adding to the potential number of devices to exploit.

To make matters worse, this particular vulnerability was a rehash of the same findings made by the hacker responsible for the PewDiePie incident in 2018, who also found 800,000 printers to be vulnerable using Shodan. In the two years since the PewDiePie incident and this, how many printers and copiers were hacked?

And this exploit is one among many networked printers face — from other custom scripts made by hackers, to something as simple as the age of the printer itself. Recently, copiers and printers have started to switch from TLS1.2 to TLS1.3, with Canon leading the charge. If your printer doesn’t use the newest version of TLS (a method of connecting two devices using encrypted messages), it is most definitely at risk of being hacked.

HOW A vCIO CAN HELP

The complex issues facing a business’ network — like those covered above — are the reason why businesses employ a CIO. The title of this position can change depending on the organization, but their responsibility remains the same — to assess the entirety of the business’ technology and network for any exploits, and to manage the implementation of the solutions and devices they find.

It is difficult to plan and manage a secure and synchronous network that accounts for each device that connects to it, all while continuously managing teams, projects, and technology acquisitions. And due to this difficulty, a CIO is a very expensive position to keep on payroll. The problem for many small businesses, however, is that the insight that comes from a CIO is too valuable to ignore. So, what option does a technology-reliant small business have other than shelling-out six figures a year for a CIO or IT Director?

This is where a vCIO can help. A vCIO offers all of the benefits of a CIO, but at a fraction of the cost. And how is this possible? Through a MITS partnership. Some Managed IT Service providers will offer vCIO services in addition to the usual security and software solutions performed by MITS companies.

Because MITS services use a subscription-based pricing model, your business can enjoy the benefits of a full-time, salaried CIO, but with a much lower price tag.

While complex security vulnerabilities like the exploit found by CyberNews are best solved with the help of a vCIO, there are plenty of steps your small business can take to improve your network’s security, without any cost. You can find these free cybersecurity software solutions here.