Late last week, the FBI issued what is known as a Private Industry Notification, or PIN, regarding Internet-connected printers. These are printers that allow you to print to them remotely, from outside the network.
The FBI has confirmed that criminal actors have exploited vulnerabilities in these printers to either manipulate legitimate print jobs or to distribute threats and hate speech. In one confirmed case, over 130 businesses across all sectors of the economy received bomb threats via fax or forced print jobs.
The FBI has identified the following recommendations to prevent these types of cyber attacks:
- Ensure ports 515, 631, and 9100 are not publicly accessible over the Internet. If keeping these ports open is necessary, consider whitelisting specific IP addresses or subnets to ensure only legitimate traffic can connect to the printer.
- Consider the use of alternative ports for Internet-connected printers and other devices.
- Ensure all Internet-connected printers and devices on the network have strong usernames and passwords. Default usernames and passwords should be changed.
- Conduct daily reviews of printer logins to identify and flag unauthorized IP addresses.
- Configure firewalls to block traffic from unauthorized IP addresses to printers and other network devices.
- Restrict Internet-connected printer and device connectivity to non-sensitive business networks.
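The allowlisting and daily log review recommendations can be combined into one check. The following is an added example, not part of the FBI notification: the log format, the allowed subnets and the sample lines are all constructed assumptions, so adapt the parser to whatever your printer or firewall actually exports.

```python
import ipaddress
import re
from collections import Counter

PRINT_PORTS = {515, 631, 9100}  # ports named in the recommendations above
# Assumption: subnets permitted to reach the printer; replace with your own.
ALLOWED_SUBNETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.16/28")]
# Assumption: constructed log format; real printer and firewall logs vary by vendor.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dport=(?P<dport>\d+) event=(?P<event>\S+)"
)

# Constructed sample data using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
2024-05-01T08:02:11Z src=10.20.4.17 dport=631 event=login_ok user=admin
2024-05-01T08:15:40Z src=203.0.113.77 dport=9100 event=job_received
2024-05-01T08:15:42Z src=203.0.113.77 dport=9100 event=job_received
2024-05-01T09:30:05Z src=192.0.2.20 dport=515 event=job_received
2024-05-01T10:01:59Z src=198.51.100.9 dport=631 event=login_failed user=admin
2024-05-01T10:05:00Z src=192.0.2.40 dport=443 event=login_ok user=svc
this line is malformed and must be counted, not silently dropped
"""

def review(log_text):
    """Return (flagged events, hits per unauthorized source, unparsed line count)."""
    flagged, unparsed = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        try:
            src = ipaddress.ip_address(m["src"]) if m else None
        except ValueError:
            src = None
        if src is None:
            unparsed += 1  # surface parser gaps so the review is not blind to them
            continue
        if any(src in net for net in ALLOWED_SUBNETS):
            continue
        port = int(m["dport"])
        # Record every unauthorized source; note whether it reached a print port.
        flagged.append((m["ts"], str(src), port, m["event"], port in PRINT_PORTS))
    return flagged, Counter(f[1] for f in flagged), unparsed

if __name__ == "__main__":
    flagged, by_src, unparsed = review(SAMPLE_LOG)
    for ts, src, port, event, on_print_port in flagged:
        tag = "PRINT-PORT" if on_print_port else "other"
        print(f"{ts} unauthorized {src} -> {port} ({event}) [{tag}]")
    print(dict(by_src), "unparsed lines:", unparsed)
```

Any flagged source that reached a print port means the firewall rule from the first recommendation is missing or too broad.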
If you have an Internet-enabled printer in your home or office, I strongly encourage you to take the above steps today.
The FBI encourages everyone to report potential cyber criminal activity to the FBI’s 24/7 Cyber Watch (CyWatch). CyWatch can be contacted by phone at (855) 292-3937 or by e-mail at CyWatch@ic.fbi.gov. When available, each report submitted should include the date, time, location, type of activity, number of people, and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.