F-Secure (Headquarters: Helsinki, Finland; CEO: Juhani Hintikka; Japan subsidiary: Minato-ku, Tokyo; hereinafter referred to as F-Secure), a provider of advanced cyber security technology, has announced the discovery of vulnerabilities in more than 150 models of multifunction printer (MFP) products from Hewlett-Packard Company (hereafter, HP), together with the results of its investigation. Attackers can exploit these vulnerabilities to take control of vulnerable devices, steal information, and even infiltrate networks to do more damage. Based on information provided by F-Secure, HP has provided patches to fix these vulnerabilities.
F-Secure security consultants Timo Hirvonen and Alexander Bolshev discovered an exposed physical access port vulnerability (CVE-2021-39237) and a font parsing vulnerability (CVE-2021-39238) in HP's FutureSmart series multifunction printer MFP M725z. Security advisories published by HP list more than 150 products affected by these vulnerabilities.
The most effective way to exploit these vulnerabilities is to trick users at the target company into visiting a malicious website, for example through phishing, and thereby expose the vulnerable MFP used by the company to what is called a cross-site printing attack. When a user visits the site, it automatically and remotely prints a document containing maliciously crafted fonts on the vulnerable MFP, giving the attacker code execution rights on the MFP.
An attacker with these code execution rights can covertly steal any information that is run (or cached) through the MFP. This includes not only printed, scanned and faxed documents, but also information such as passwords and login information used to connect the MFP to other networks. Attackers can also use a compromised MFP as a stepping stone to penetrate deeper into a company's network for other purposes, such as stealing or modifying other data or spreading ransomware.
F-Secure researchers have determined that these vulnerabilities are extremely difficult to exploit and would be out of reach for low-skilled attackers, but believe that experienced and highly skilled attackers could use them for targeted attacks. Additionally, the font parsing vulnerability was found to be wormable. This means that attackers could create self-propagating malware that automatically compromises vulnerable MFPs and then spreads to other vulnerable MFPs on the same network.
“We often forget that modern MFPs are fully functional computers that attackers can compromise, just like any other workstation or endpoint. In addition, attackers can use compromised devices to damage a company's infrastructure and operations, and experienced cybercriminals see ‘unprotected devices = big opportunity.’ As such, businesses that fail to recognize that MFP protection is just as important as regular endpoint protection may be exposed to attacks like the ones reported in this study,” explains Hirvonen.
Advice for protecting MFPs:
HP is the leading company in MFPs, said to hold 40% of the hardware peripheral market*1, and many companies around the world may be using the MFP models in which the vulnerabilities were discovered. Hirvonen and Bolshev notified HP of their findings earlier this spring and provided support for fixing the vulnerabilities. HP is now releasing firmware updates and security advisories for affected models. Because these vulnerabilities are difficult to exploit, many attackers will find them impractical, but for enterprises targeted by advanced attacks it is important to secure vulnerable MFPs, say F-Secure researchers. In addition to patching, measures to ensure MFP security include:
Hirvonen concludes on the measures companies should take:
“Businesses with advanced technology and abundant resources that can be targeted by attackers, such as large enterprises and companies in important areas such as infrastructure, need to take this situation seriously. There is no need to panic immediately, but to prepare for an attack like this, we need to re-evaluate what threats we are exposed to. This attack is sophisticated, but it can be mitigated with basic measures such as network segmentation, patch management, and security hardening.”
Details of this research can be found on the following page.
https://blog.f-secure.com/ja/printing-shellz/ (Japanese)
https://labs.f-secure.com/publications/printing-shellz (English)
*1 https://www.idc.com/promo/hardcopy-peripherals
F-Secure press page:
https://www.f-secure.com/en-en/press
About F-Secure
No other company on the market knows more about real-world cyber threats than F-Secure. F-Secure bridges the gap between detection and response with hundreds of the industry's best security consultants, award-winning software on millions of devices, and evolving AI technology for innovative security measures. We have earned the trust of leading banking institutions, airlines, and many enterprises around the world for our commitment to "defeating the world's toughest threats." F-Secure's mission is to provide enterprise-class cybersecurity with top global channel partners and a network of over 200 service providers.
F-Secure is headquartered in Helsinki, Finland, and its Japanese subsidiary, F-Secure Corporation, is located in Minato-ku, Tokyo. It is also listed on NASDAQ Helsinki. For more information, please visit https://www.f-secure.com/en/welcome (English) and https://www.f-secure.com/ja_JP/ (Japanese). Information is also distributed on Twitter @FSECUREBLOG.