By Ron Benvenisti. Within the past week, numerous businesses and organizations in New Jersey and across the United States have reported bomb threats received via networked printers and fax machines, as well as through email.
The NJCICC reported today that on Tuesday, at least 12 New Jersey organizations received bomb threats, however, none of which were deemed to be credible. Similar threats were received by schools and hospitals across the nation which forced evacuations, disrupting operations and costing both the victims and first responders time and money.
Internet-connected printers and faxes have been compromised to deliver threats in similar incidents in the past. In March 2016, several universities reported receiving Nazi propaganda via their printers and, in February of this year, a teenager in the UK reportedly hacked 150,000 printers, including those connected to restaurant point-of-sale systems. In both cases, the perpetrators claimed their intentions were to highlight the need for organizations to better secure their printers and networks, and their point is not unfounded. A quick search on Shodan, a search engine for internet-connected devices, reveals large numbers of printers that are open and exposed to the public internet. Currently, in New Jersey, approximately 800 devices with port 9100 open to the internet, there are nearly 1,000 devices with port 631 open, and over 2,100 devices with port 515 open. These are ports typically used by internet-enabled printers and, with minimal effort or technical ability, can be used by hackers to remotely send print requests to networked printers.
Organizations using internet-enabled and multi-function printers isolate them from the public internet, change the default password to the administrative control panel, close all unnecessary ports and services, whitelist IP addresses/IP subnets or require a VPN to access the local network, and keep all firmware updated. If you receive a similar threat, immediately report it to your local police department and submit an incident report to the NJCCIC.
CyVision Technologies, Inc