We have all heard the story of the Trojan Horse. The Greeks built it and left it in front of Troy. The Greek army left. The Trojans went outside the gates and wheeled it into the city. At night the Greek version of Special Forces jumped out and destroyed Troy.
The Trojans' outside defenses were strong. But they let the threat inside. They were destroyed from the inside out.
Now take a look at the multi-function printer picture.
What do you see?
The "printer" is really a server.
Are you maintaining your printers like you would maintain your servers? Do they get the appropriate firmware and software updates? Who does that? You? A vendor? Does the vendor know what they are doing?
At the last Tech Talk we had a discussion about vendor printing solutions and default passwords. One attendee said that they changed the passwords on a vendor's printing solution from a default like Password123, and the vendor techs couldn't comprehend it and merely changed it back! I have mentioned that many of your door lock/badge or security camera solutions use the exact same passwords at every district!
The threat of both data loss (stealing information that goes through your printers) and the use of these advanced printer (server) platforms to launch an attack is not theoretical. It does happen.
Are these printers and printing solutions on your internal network? Are they segmented on their own network with appropriate access controls? If you don't have direct patch/update responsibility, do you treat them like you would any other third-party vendor, on their own vendor VLANs?
As we close out 2019, I encourage you to audit your printers and printing solutions and figure out what is and isn't going on. Reach out to your vendors and understand how their solutions are being maintained in your network. Understand if they are using default passwords or custom passwords.
If you need help sorting this out, please let us know.