Did you know hackers can reduce your salary?

Highlights

  • As we all use printers, we usually select them based on standard criteria; however, it appears we are missing the most important one.
  • Getting access to your internal network is a severe security risk creating an enormous potential opportunity for hackers around the world.
  • How can we fix something we are blind to that can happen behind our backs?
  • You have to be notified about critical events or misconfigurations and be able to automatically block any malicious devices or potential threats.

Why is choosing a printer not just a matter of ink?

Canon, HP, Epson, Brother. This is just a short list of the most popular printers. You and your company most likely own one of them if not a few. How did you choose the most reliable ones? Depending on the line of work and the business of the company, some of the main factors to consider will be price, service quality, printing volume & speed and perhaps color contrast.

However, since they are connected to your network, did you ever stop to think that besides those factors and feedback on forums, you will need to address something as critical as security protection? Think again.

Your printer is a threat!

Even if you review your paycheck on a regular basis with a magnifier to ensure all the numbers are correct, you need to be aware of the security breaches your printer is exposing you to. First, document theft or hijacking: a potential GDPR breach, but also think about someone hijacking your paycheck and changing the numbers. Second, changing settings to alter and reroute print jobs and capture valuable data. Third, printers exposing your network via a rogue device, thus adding a new area of vulnerability.

What if a hacker (internal or external) found the first security breach and altered the numbers on your salary sheet? Instead of the real numbers, they would modify it and reroute the actual money to their bank account. How big of an impact would that be on your company? On your own salary as an employee, or on the salaries of the entire company’s employees? Just think about the bad reputation or the potential financial damage to everyone.

An attacker getting access to your internal network is a severe security breach and vulnerability, with an enormous potential threat from hackers around the world. Just read about “Stackoverflowin” [1] to see the potential damage that could have been done!

Protect your printer!

How can we fix something we are blind to and that can happen behind our backs (and let’s just say we are not teachers)?

  1. Be notified about misconfigurations of devices and network, exposed assets & security postures and be alerted about malicious hardware and “uncontrolled” devices.
  2. Secure & Block – protect the “innocent” printers internally and externally by applying the relevant configuration (i.e., use a complex password) and securing their USB interfaces. You can also validate the connection on the physical layer or set up “two-way” authentication, but the most important method is to identify and block any malicious device once it is discovered.

Conclusion

Now we understand that choosing a printer is not just about the amount of ink it consumes. A printer can do much more than print expense receipts. It can facilitate a change to your (precious) salary and be a conduit to even more critical organizational content. Centerity wants to offer a solution.

You have to be notified of critical events or misconfigurations and be able to automatically block any malicious device or potential threats. For this purpose, Centerity’s Cyber AIOps platform includes rogue device mitigation and observability modules. Centerity knows how to identify and block malicious hardware attacks as they happen, while keeping your printer’s configuration safe based on security best practices.

Want to protect your salary? Talk with us!


A Rogue Device Sandwich

Writers: Stanislav (Stas) Siganevich, Retail Sector Manager and Snir Zarin, Solution Architect, Centerity.

I just wanted to have lunch, but instead I spotted a security breach. Does it make sense that a CISO needs to be physically present in a retail store to know about those threats?

Highlights

  • It appears there are physical threats which are not covered by the standard security tools.
  • Only by arriving in person at one of our retail stores could I identify a huge potential unknown security breach.
  • How easy is it to use a malicious device to penetrate our organization’s defenses? Quite simple, to be honest.

Found it by chance

I’m hungry, I thought to myself as I was finishing with the last of the FW rules and distributing them to all of the stores. The daily dilemma of “where to get my calories today” was irrelevant today because yesterday the retailer I worked with opened a brand-new store with a deli nearby that looks very promising.

As I was marching to the elevator, I remembered that I hadn’t distributed the latest patches to the new equipment in that very store I was going to get my lunch from, but… it can wait an hour, I guess. When I entered the store, the smell of the freshly baked bread and smoked meat filled my lungs and I joined the long line on my quest to fulfill my gastronomic desires.

The line was moving slowly, so I decided to try to catch up with all of the emails, though it’s not really possible. The reception in the store was not that good so connecting to a corporate WIFI sounded like the quickest solution (the bonus of being an information security officer), but when I was searching for a desired network in the list something caught my eye – an unknown network clearly transmitting from within the store with a really strong signal.

Red alert, red alert, all warning signs went off. I pulled my laptop from the briefcase and left the line – my smoked beef sandwich will have to wait for me.

I started looking around to see if I could spot something or someone unusual. Everyone was pretty much busy with their food (god, I’m hungry), except for one young lady who was sitting with a laptop but without even a coffee cup in sight. Right next to her there was a slightly displaced digital billboard that we had just recently installed. When I started walking towards her to see what she was doing, she must have noticed my corporate badge, and she quickly closed the lid of the computer and started towards the exit. I checked my phone and… the network was still transmitting. I got a bit closer, just close enough to see a small black device sticking out of the network sockets that were in use by the billboard. When I pulled that sucker out, the unidentified network went down. Another one under the belt. A few moments later I was again in the line for that divine sandwich, feeling like a hero, wondering why I can’t clone myself, though the thought of “why did my NAC solution not stop this” had me a bit (a megabit, to be frank) worried.

“45!” the teller shouted. That’s me!!!! Oh joy!! “One Brisket with pickles and Coke please.” I approved the payment with my watch and the guy turned away to prepare my meal. In the meantime, I had nothing to do but explore the POS in front of me, one of those I have to distribute the latest patches to once I get back to the office. Big screen, wireless payment terminal; the new Verifone model is prettier than the previous one, I thought to myself. But wait, what is that I see? 3 shining USB ports just staring at me, without any barrier, just 20 centimeters from my hand, unsupervised, unprotected, exposed to the whole world for abuse. Sometimes I just wish I could unsee things, but this is not the case. In case you do not see an issue with this situation, let me draw a picture for you: anyone, yes, anyone, a customer, a supplier, an employee, can connect a rogue device to this USB. Oh, sorry, first let’s say a few words about “Rogue Device”:

By definition, rogue devices are malicious by nature. They are devices that have intentionally been compromised to carry out cyberattacks, including data breaches, malware and ransomware attacks. Manipulating a peripheral device with a small computer, such as the BeagleBone board, allows bad actors to remotely gain access to an organization’s network by creating an out-of-band connection to bypass an air-gapped network. From here, data can be extracted, or malware/ransomware can be installed without the end user knowing it, leaving organizations vulnerable to both exfiltration and injection. Often, rogue devices help attackers perform man-in-the-middle (MitM) attacks, whereby the device intercepts the message from the victim to the entity. The consequences are impactful, and these attacks can even allow attackers to bypass biometric authentication.

Again, I picked up the phone and realized our existing MDM and NAC systems can’t recognize those kinds of devices, as they appear legit to the operating system. I guess I need to find a solution which can track those malicious hardware foes instantly, without visiting our entire retail store network on a daily basis. Damn, do you remember that I have not eaten yet??

My sandwich is packed and I’m all set to go. I start walking toward the exit when I pass the new digital billboard that is being installed and… oh my eyes!!!! A corporate network socket is just waiting there for anyone to connect to, but I’m hungry, so we will pick it up in the next episode.

Conclusions

Since existing security tools do not cover the new types of rogue devices, we need to find a way to close this vulnerability, and fast. Rogue devices are cheap and available to all, especially to bad guys with bad intentions. Any open hardware slot is like an open port. We can compare it to a closed but unlocked door: simply turn the doorknob, open it and get full access.

What can you do? A lot. Centerity’s Cyber AIOps Module for Rogue Device Mitigation can prevent those malicious hardware devices from penetrating your network. We will be more than happy to show you how simply you can avoid those kinds of attacks and keep your organization safe.