The landscape of cybersecurity is always changing, and new threats are constantly emerging.
One of the newest – and the most interesting, if you are into that kind of thing – is the rise of printer malware. This type of malware started to be reported in November 2017, when Barracuda Labs saw an attack where cybercriminals spoofed a printer to send a malicious attachment that appeared to be a legitimate file sent by a network printer.
Since then, this type of attack has become more common. Comodo Threat Research Lab
wrote a recent blog post that outlined the ways that this type of attack works, and predicts that they will become more common in the coming years.
In this article, we’ll look at how this kind of attack works, and how to protect yourself against it.
How Printer Malware Works
The reason why printer malware is becoming more common is linked to the changing way that printers are used. Specifically, most printers are now connected via cloud services, whether on your home network or at offices.
The rise of cloud services has many advantages in terms of connectivity, but as Will Ellis, CISO at community research group Privacy Australia points out, “As more of our personal information goes into the ‘cloud,’ we become more interconnected but also much more vulnerable.” The problem gets worse as you connect more devices to your printer, as we mentioned recently in our guide on how to print and scan documents with Android.
Because many companies still don’t know how to monitor multi-cloud environments, printers are often a ‘soft spot’ that hackers can use to inject malware into a system. Modern printers are also able to communicate with users via email (and sometimes other forms of messaging), and this is where the power of this type of attack becomes apparent.
With the attacks detected in September by Comodo, for instance, cybercriminals spoofed the model number that belonged to the Konica Minolta C224e, one of the most widely-used printers in office environments. They sent a malicious email attachment (one of the most common types of a cyberattack) to victims from the printer and therefore bypassed the anti-malware software that had been deployed on the wiser system.
How to Spot Printer Malware
In some respects, the signs that your printer has been infected with malware are similar to the general signs of a malware infection. As a recent report from Clutch.co reveals, the signs include unusual behavior by your printer, such as not responding to your commands and refusing to install security updates.
There are some more conspicuous signs of an infected printer, though. As we’ve discussed, this type of malware will generally attempt to use your printer as a way of infecting your other devices, and it will generally do this by sending you messages which incorporate malicious code. Receiving a message like this from your printer is a pretty clear sign that it’s been
compromised.
A recent article published on Comodo outlines how to spot an email like this: attackers tend to focus on PDF-oriented malware, as most users think PDFs sent to their printer or scanner are harmless and coming from a safe source. The email you receive will likely have a subject line that mimics those used by your printer: “scanned from HP” or similar. Importantly, however, the filename will not be a .pdf, but something different, and likely a .exe.
That’s what you need to look out for, but how can you avoid your printer becoming infected in the first place?
How to Protect Yourself
Protecting yourself against printer malware is similar to the processes you should have in place to protect all of your hardware, including (and especially) your webcam, which can also be hacked.
First and foremost, you should think carefully about how connected your printer is to your wider network. Today, many printer manufacturers sell printers with the ability to use WiFi to connect to your home network. This is extremely useful if you are working on a laptop and need to print frequently, but in reality that covers a relatively small number of users.
If your printer is connected to your WiFi network all the time, it becomes much easier to attack it. It’s far safer to use the ‘traditional’ way of connecting – via a cable – even if this means you ‘waste’ an extra minute a day.
Going further, you should also protect your printer by changing it’s security settings. Ideally, you should have done this the day you got it, but perhaps you forgot. Regardless, changing the default username and password for the printers admin functions can be an effective way to protect yourself, because (believe it or not) databases of these default values are available for free online.
Third, practice good email attachment security. Always check every email attachment you get carefully, especially if it is from a new source. And if you are in any doubt, don’t open it. For most printers, you can also contact the printer manufacturer to ask if the behavior you are seeing is a normal part of the way the device functions.
Finally, you should recognize that the sheer scale of cybercrime means that it is almost inevitable that you are going to fall victim to an attack one day, either from your printer or another source. For that reason, make sure you take regular backups of all your key data and use freely-available security tools like VPNs and encryption.
The Bottom Line
Lastly, don’t be alarmed. It can be somewhat disturbing to realize that your printer, which normally sits on your desk quietly, can be turned against you. But by making sure it is properly secured, you can avoid infection, and protect yourself.
The key, as with everything to do with cybersecurity, is to keep yourself informed of new threats as they arise, and deploy countermeasures. So just by reading this article, you’ve taken the first step to avoid and stop printer malware.
Sam Bocetta
Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography. Currently working as part-time cybersecurity coordinator at AssignYourWriter