Reliable Office Blogs

Insightful News & Helpful Tips for Document-Management

Malware, Small Business, and MFPs: The Vulnerabilities of SMBs to Cyber Attack

For the average hacker, your small business is an easy mark. This is because (contrary to popular belief) small businesses are highly vulnerable to breach. Despite this, many business owners enjoy a false sense of security on the matter, believing themselves too small to attract the attention of a hacker. While this may have been true ten years ago, the reality is quite different today. Hackers have been targeting SMBs at an exponential rate year over year, seeing them as an easy lock to pick compared to larger, more sophisticated firms.

Increasingly, non-PC devices in networked environments are being targeted by malware. Hackers often use the IoT search engine Shodan to find networked devices to target.

SMB-Security Fast-Facts

  • 43% of all successful security breaches occur at Small Businesses
  • Cyber-criminals have begun to target SMBs: since 2019, there has been a 424% increase in the number of attacks targeting SMBs.
  • 1 out of every 323 emails received by an SMB contains malware.
  • 68% of SMBs do not have a Disaster Recovery Plan in place in the event of a breach.
  • 66% of SMBs that are victims of a cyber attack will go out of business within six months.

Indeed, 58% of all successful malware attack victims are Small Businesses (SMBs). And while you may not have to defend against the scores of potential hackers seeking your information, as government entities or Fortune 500s might, in the fragile world of SMBs a single attack can be catastrophic for your firm. So let’s start by taking a look at a (non-exhaustive) list of the types of malware that could be a threat to your firm. Then, we’ll see what risk these threats pose to your work environment’s document-management device(s).

Types of Malware Attacks

It’s important to remember that 91% of all malware attacks originate in email. These phishing emails often (though not always) have certain idiosyncrasies that betray their true purpose:

    • Poor grammar and unnatural English phrasing.
    • Typos.
    • Erroneous spaces or periods within text.
    • On hover (do NOT click) over the email’s CTA, the URL does not reference the company’s domain name (ex: Netflix.com).
    • Links are unnaturally long and ambiguous.
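
The two link checks in the list above can be automated by a mail filter. The following is an added example, not code from the original post: it pulls the links out of an HTML email body and flags those whose host is not the claimed company's domain or whose length exceeds a cut-off. The 100-character cut-off, the function names and the sample body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAX_URL_LEN = 100  # assumed cut-off for an "unnaturally long" link

class LinkCollector(HTMLParser):
    """Collects the href of every <a> element."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def host_belongs_to(host, brand_domain):
    """True only for the brand domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def check_links(html_body, brand_domain):
    """Return [(href, reasons)] for links a reader should distrust."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href in collector.hrefs:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, relative links etc. are out of scope here
        reasons = []
        # .hostname ignores any "user@" prefix, so brand@other-host is caught.
        if not host_belongs_to(parts.hostname, brand_domain.lower()):
            reasons.append("domain-mismatch")
        if len(href) > MAX_URL_LEN:
            reasons.append("long-url")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample body; the .example hosts are placeholders.
SAMPLE = (
    '<a href="https://www.netflix.com/help">Help</a>'
    '<a href="https://netflix.com.billing-update.example/login?token='
    + "a" * 90 + '">Update payment</a>'
    '<a href="https://netflix.com@login.example/">Sign in</a>'
)
```

Comparing the parsed host against the domain suffix, rather than searching the URL for the company name, is what catches links that merely contain "netflix.com" somewhere in the address.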

 

Malware attacks can come in a variety of forms, but the most common and successful are those targeting the #1 cause of a data-security breach: human error. Hackers exploit this by using psychological tricks, or Social Engineering, to convince or trick employees into giving away company information or compromising themselves and their device by clicking through an infected link. Some types of socially engineered malware attacks are as follows:

Phishing

Phishing is by far the most common attack vector for hackers. They usually have the goal of obtaining compromising personal information from your employees, such as their Social Security Numbers. Or they try to direct the user to a misleading link that redirects the user to a landing page hosting more sophisticated hacking software. The most common vector (medium) of exchange used to traffic

Baiting

Baiting is very similar to, and can be thought of as, a type of phishing. The key difference is that in a baiting technique, the hacker is usually offering the user a physical item or good to entice them to click through the email. For example, hackers promote an email or online CTA offering the user free music or movie downloads, to trick users into clicking through links to malware and/or unknowingly handing their login credentials to these bad actors. The most common vector for baiting, as with phishing, is email. But baiting can also occur in an offline setting.

Pretexting

Pretexting is in some ways a more “sophisticated” type of social engineering than phishing and baiting. It is one of the social engineering tactics most successful at victimizing C-level executives and other high-ranking members of an organization. The attack relies primarily on establishing a credible narrative and “air of legitimacy” between the attackers and their target around a manufactured scenario, which they use as a “pretext”, or false motive, to get inside a company’s security. An example might be a hacker impersonating an email (or other communiqué) from an employee in another department of the same company in order to gain access to protected information.

Scareware

Scareware is a type of malware that tries to trick users into thinking that they have a more serious malware infection and to convince them to buy fake antivirus or security software. It relies primarily on shock factor or the perception of a threat in hopes of getting potentially unwanted software (PUS) onto the user’s device.

Ransomware

Of this list, ransomware is by far the most sophisticated type of malware. Once inside your system, it gains control of your system’s data. It then uses a technique called crypto-viral extortion to encrypt your files, which become inaccessible until the hacker’s ransom demands are met. Since 2018, ransomware attacks have increased over 229%. Ransomware spreads into a network via a phishing email, or by a user unknowingly visiting an infected site. Recovery can be difficult and require a 3rd-party data recovery specialist. It’s also important to note that even if you pay the hacker’s demands, there is no guarantee they will un-encrypt your files.

The MFP: A Security Risk

Your Device Can Provide a Potential Hacker with a Foothold

The MFP has grown in popularity since the turn of the millennium, and with it the convenience and productivity that these devices bring. But they also pose security risks. As with any device running embedded software, your MFP’s information is susceptible to attack at the hardware, document, and network level. In today’s growing Internet of Things (IoT) environment, hackers have begun to target printers and multifunctional devices specifically due to their perceived lax security.

There has been some truth in the past to justify hackers’ belief that printers are an easier target in a network than other embedded software devices. A common tactic for hackers has been to use data stored on printing devices as a foothold for fraud and identity theft, gaining them some legitimate information with which to try and trick a user into allowing them into more secure aspects of an SMB’s network. Further, compromised devices can be utilized as botnets and staging grounds for even greater malware propagation.

Created in partnership with McAfee Security, ConnectKey’s state-of-the-art software recently won Buyers Labs’ “BLI 2020 Document Imaging Software of the Year”, particularly for its outstanding whitelisting capabilities.

Advances in MFP Security

To address these threats, manufacturers (OEMs) have needed to develop more robust security protection for their devices to meet consumer need for security. Even HP’s desktop enterprise-class printers have become capable of detecting malware through run-time intrusion detection via HP’s “Connection Inspector”. Xerox (the first American brand to achieve Common Core security certification) has ConnectKey Technology enabled in all its VersaLink, AltaLink, and PrimeLink devices. But while progress by OEMs in embedding security technology in their next generation of devices has been largely successful, the “mixed fleet” nature of most companies’ document-management assets means both old and new devices from multiple manufacturers share the same security environment. In any one office there are more than likely one or two outdated models that would be unable to defend themselves from a hacker’s attack, and so are ideal targets.

If you are unsure whether any of the devices in your fleet are vulnerable in this regard, it may be worthwhile to consider a Print Security Threat Assessment. These assessments are simple enough, and usually occur in conjunction with a broader Managed Print Services (MPS) review of your printer fleet. With a threat assessment you will be able to determine which of your devices are vulnerable to attack, which are secure, and what you can do to improve your security. With these threats in mind, let’s review some of the next-generation security features that are protecting small businesses like your own from the threat of malware attack:

The MFP: A Security Asset

While the above statistics might be unsettling, most who fall victim to these attacks are those who have not prepared for them in advance. There are many tools in your arsenal to fight back against potential hackers:

Firmware Attack Prevention and Self-Recovery

Sharp’s Self-Recovery capability is a recent upgrade to the line. Within each Sharp device’s hard drive (HDD), a “kernel” or “vault” exists in which the MFP clones itself at every shutdown. At every start-up the MFP will run a “hash” against the code in this cloned kernel. If there is a mismatch between the two data sets, the MFP will prompt the user with this information and request a reboot, at which time it will re-clone itself from the stored version within its HDD kernel.
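
The clone, hash and re-clone cycle described above can be modelled on ordinary directories. This is an added sketch, not Sharp's firmware or code from the original post; the directory layout, file names and function names are assumptions, and the firmware files are constructed sample data.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def tree_digest(root):
    """SHA-256 over each file's relative path, length and bytes, in sorted order."""
    root = Path(root)
    h = hashlib.sha256()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        name = path.relative_to(root).as_posix().encode()
        data = path.read_bytes()
        # Length prefixes keep (name, data) boundaries unambiguous.
        h.update(len(name).to_bytes(4, "big") + name)
        h.update(len(data).to_bytes(8, "big") + data)
    return h.hexdigest()

def clone_at_shutdown(live, vault):
    """Shutdown step: replace the vault with a clone of the live firmware."""
    shutil.rmtree(vault, ignore_errors=True)
    shutil.copytree(live, vault)

def startup_check(live, vault):
    """Start-up step: True when live firmware and vault clone hash the same."""
    return tree_digest(live) == tree_digest(vault)

def recover(live, vault):
    """Reboot step after a mismatch: re-clone the live firmware from the vault."""
    shutil.rmtree(live)
    shutil.copytree(vault, live)

def demo():
    """Run one shutdown / change / start-up / recover cycle on constructed files."""
    with tempfile.TemporaryDirectory() as tmp:
        live, vault = Path(tmp, "live"), Path(tmp, "vault")
        (live / "bin").mkdir(parents=True)
        (live / "bin" / "scan.fw").write_bytes(b"constructed firmware v1")
        (live / "boot.cfg").write_text("mode=normal\n")
        clone_at_shutdown(live, vault)
        clean = startup_check(live, vault)        # untouched firmware
        (live / "bin" / "scan.fw").write_bytes(b"constructed firmware v1, modified")
        (live / "bin" / "extra.fw").write_bytes(b"unexpected added file")
        changed = startup_check(live, vault)      # modified and added files
        recover(live, vault)
        return clean, changed, startup_check(live, vault)

if __name__ == "__main__":
    print(demo())
```

In this sketch a change made before the clone is taken is copied into the vault and passes the next check, so the comparison only covers changes made after the last shutdown and depends on the vault copy being protected.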

Application Whitelisting

One approach to combating viruses and malware is “whitelisting” software. To “whitelist” something is to explicitly approve the use of that software on your network, and to block any device on that network from using any software not listed in the whitelist. A whitelist is a software application usually housed on a separate HDD from the MFP. An MFP simply has the ability to communicate with the whitelist to allow and disallow certain entities on a network, the same way any other peripheral device would interact with a whitelist.

Authentication & Authorization

Sharp MFPs can limit unwanted user access with user authentication. To protect data in transit, all user credentials are transferred to and from the device using a combination of Kerberos and Transport Layer Security (TLS) to avoid data interception. Once a user has been authenticated with the MFP, access to certain features can be created or restricted depending on their personal position. This can be used by IT administrators remotely and securely, allowing them to conveniently manage your entire printer fleet and access specific features with an advanced level of control.

Key Features for Authorization and Access Restriction:

  • Password protected administrative access.
  • Print, Scan, Copy, Fax, remote function control.
  • Access controls for all MFP(s) hard drives remotely.
  • Page Limit Controls
  • Color Printing Controls
  • Forced-Pull Printing
  • Domain Restrictions
  • Forced Scan-to User Email
  • Forced Scan-to User Home Folder

Confidential Printing

Active Directory

End-of-Lease Wipe

If you want to learn more about your printer options and the benefits of working with Reliable Office Technologies, call our office at (301)-695-0464 to speak with one of our team members or visit our site at www.rotcsolutions.com. We also look forward to hearing from you on any of our social networks!

Proudly servicing Virginia, Maryland, West Virginia, & Pennsylvania
