Russian hackers infiltrate corporate networks via office printers

Russian hackers infiltrate corporate networks via office printers

The Russians are at it again. This week the Microsoft Threat Intelligence Centre published a blog post saying that the Russian hacking group known as Strontium  (AKA Fancy Bear) is responsible for a new corporate networks attack, which occurred earlier this year.

In April, security researchers in the Microsoft Threat Intelligence Centre discovered infrastructure of a known adversary communicating to several external devices.

According to the blog post, further research uncovered attempts by the actor to compromise popular IoT devices (a VoIP phone, an office printer, and a video decoder) across multiple customer locations.

Michele Mabilia, head of product marketing at Kyocera Document Solutions UK commented on the news, saying,“The attack raised an issue that deserved to be pointed out. With the increasing influence of the cloud, IoT and other digital transformation technologies, businesses tend to focus on the opportunity these technologies represent.

“Instead, they should be making sure that every cloud-enabled, mobile and smart device – including their IP-connected print device – is protected against both malicious cyber-attack and accidental data loss.

“According to Microsoft, the bad actor used a VoIP phone, an office printer, and a video decoder to gain initial access to corporate networks either because the passwords for the devices were deployed without changing the default manufacturer’s passwords or because the latest security update had not been applied to the device.

“It goes without saying that setting a strong password and making sure you install the latest update for your security tools are the basics of cybersecurity. The best defences for a secure network are composed of multiple barriers.

“When it comes to printers, default settings are insufficient to prevent the growing number of threats to data and network security. However, there are solutions that make it quick and easy to identify and address vulnerabilities. They can identify open ports, alert the users of any unusual activity and generate diagnostic report on demand.

“As the saying goes: ‘better be safe than sorry’, so the earlier vulnerabilities are identified, the more chances you’ll have to mitigate the threats,” he concluded.