The choice of printers as targets for attacks
Posted: Sat Feb 08, 2025 5:56 am
The Nature of Threats to Enterprise Printers
Researchers at security consultancy NCC Group have identified several zero-day vulnerabilities in corporate printers that hackers are “sealing” to launch attacks that have no signature, meaning they leave no trace, allowing them to penetrate intrusion detection systems and other defense mechanisms. “To reduce the risk of vulnerabilities in corporate printers, it is necessary to improve software security throughout the entire development life cycle,” NCC Group experts believe.
According to them, developers are increasingly reusing previously written software components without necessarily checking their security, and this code can contain many vulnerabilities. To enter a corporate network, hackers introduce their software, which, by overflowing the buffer or temporary memory (when the traffic flow exceeds its capacity), damages the memory or RAM. "Once the attacker gains full control over the printer, he will be able to penetrate the company's internal networks and steal any confidential document sent to the printer," the experts note.
Once the attackers have gained access to the network, they look for credentials to penetrate sources of confidential information. “If the attack is successful, the attackers can gain access to the credentials of the domain used to configure the enterprise’s printer services and connect to the company’s internal resources,” they add.
The choice of printers as targets for attacks is due to their weak security, which gives room for maneuver and helps to hide from corporate firewalls. "The network activity of printers is not monitored, and an attacker can, for example, change the code in the printer's memory, which is deleted upon reboot, leaving no traces," the experts explain.
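Since the experts point to unmonitored printer network activity, here is one way a defender could start watching it. This is an added example, not part of the original post or of NCC Group's research; the printer inventory, per-printer baseline, fan-out threshold and flow records are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed inventory: printer IP -> (dst IP, dst port) pairs it may initiate.
PRINTER_BASELINE = {
    "10.0.5.20": {("10.0.1.10", 389), ("10.0.1.25", 25)},  # LDAP lookup, scan-to-email
    "10.0.5.21": {("10.0.1.25", 25)},                      # scan-to-email only
}
FANOUT_LIMIT = 3  # assumed threshold: distinct unexpected hosts that count as a sweep

# Constructed flow records (ts,src,dst,dport), e.g. exported from a flow collector.
SAMPLE_FLOWS = """\
2025-02-08T05:00:01,10.0.5.20,10.0.1.10,389
2025-02-08T05:02:10,10.0.3.7,10.0.5.20,9100
2025-02-08T05:10:00,10.0.5.20,10.0.2.11,445
2025-02-08T05:10:02,10.0.5.20,10.0.2.12,445
2025-02-08T05:10:04,10.0.5.20,10.0.2.13,445
2025-02-08T05:15:30,10.0.5.21,10.0.1.25,25
2025-02-08T05:20:00,10.0.5.21,10.0.1.10,389
"""

def review_printer_flows(flow_csv, baseline=PRINTER_BASELINE, fanout_limit=FANOUT_LIMIT):
    """Return one alert per printer that initiated connections outside its baseline."""
    unexpected = defaultdict(list)
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 4:
            continue  # skip blank or malformed records
        ts, src, dst, dport = row
        if src not in baseline:
            continue  # only traffic initiated by a known printer is of interest
        if (dst, int(dport)) not in baseline[src]:
            unexpected[src].append((ts, dst, int(dport)))
    alerts = []
    for printer, flows in sorted(unexpected.items()):
        hosts = sorted({dst for _, dst, _ in flows})
        alerts.append({
            "printer": printer,
            # Many distinct unexpected peers looks like the printer exploring the network.
            "kind": "sweep" if len(hosts) >= fanout_limit else "off-baseline",
            "hosts": hosts,
            "first_seen": min(ts for ts, _, _ in flows),
        })
    return alerts

if __name__ == "__main__":
    for alert in review_printer_flows(SAMPLE_FLOWS):
        print(alert)
```

Because in-memory changes are lost on reboot, flow records kept off the printer are the evidence that survives, so the alert should be preserved before the device is restarted.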