Hybrid Work Exposes New Vulnerabilities in Print Security

Summary: The transition to hybrid work models has revealed significant vulnerabilities in corporate print infrastructure, leading to increased security risks and data breaches. Organizations are urged to prioritize print security as attackers exploit these weaknesses, particularly in unmanaged and legacy printing environments.

Threat Actor: Nation-state actors
Victim: Organizations with hybrid work models

Key Points:

  • Hybrid work has led to increased use of insecure and unmanaged printers, raising security risks.
  • Recent vulnerabilities, including CVE-2024-38199 and CVE-2024-21433, highlight the need for improved print security measures.
  • 67% of organizations reported printer-related security incidents in 2024, with small and mid-market firms facing the highest risks.
  • Legacy printer environments often lack monitoring tools, making them attractive targets for attackers.
  • Cloud print services face security concerns that hinder adoption, emphasizing the need for zero-trust principles in print infrastructure.

The shift to hybrid work models has exposed new vulnerabilities in corporate print infrastructure and heightened security risks at many organizations.

The risks run the gamut and include employees using insecure and unmanaged printers, remote workers sending print jobs over public networks, inadequate user authentication and print job release processes, exposed local spools and caches, and inconsistent patching practices.

A relatively low but steady volume of print-related vulnerabilities has exacerbated these issues. Recent examples of such vulnerabilities include CVE-2024-38199 (a remote code execution [RCE] vulnerability in the Windows Line Printer Daemon [LPD] Service), CVE-2024-21433 (a Windows Print Spooler elevation of privilege vulnerability), and CVE-2024-43529 (a similar vulnerability that Microsoft disclosed in its October security update). The threats are certainly not Windows-specific, either. Recently, researchers discovered a set of potentially severe flaws in Common Unix Printing System (CUPS), a legacy protocol largely used in Linux, Unix, and heterogeneous environments.

Though few of these flaws have presented as major a threat as the PrintNightmare RCE flaw from 2021 in the Windows Print Spooler service, they have complicated the challenge of managing modern print infrastructure. Attackers, including nation-state actors, have sometimes abused printer software vulnerabilities — like CVE-2022-38028 — to substantial effect in their campaigns.

The trends have driven an increase in print-related data breaches. A recent study that Quocirca conducted found that 67% of respondents experienced a printer-related security incident in 2024, compared with 61% last year. Small and mid-market organizations fared worse, with three-quarters (74%) reporting a printer-related data loss incident. Thirty-three percent pointed to unmanaged, employee-owned printers as a major security concern, and 29% identified vulnerabilities in office printing environments as presenting a major risk. More than a quarter (28%) identified their biggest printer-related security challenge as protecting sensitive and confidential information.

Casey Ellis, founder and chief strategy officer at Bugcrowd, says the takeaway for organizations is that print security needs to be a priority for decision makers. “Printer and print servers are an excellent place to establish persistence and gain business intelligence on a target,” he says. The CUPS vulnerabilities showed that old, unused printer software can still represent a significant attack surface, especially for internal attacks and lateral movement.

Unfortunately, many organizations might be underestimating the risks or overlooking them altogether. And the shift to cloud/hybrid print environments has made printer infrastructure even more of an invisible issue from a vulnerability management standpoint, Ellis notes. “Let’s be real — the list of people who spend their days thinking about or even interacting with printers is a pretty small one,” he says. “If your vulnerability management process allows out-of-sight, out-of-mind to dictate priority, it’s easy to miss [printer security risks],” he says.

The main takeaway is a general one, Ellis says: “Organizations need to remain diligent about their asset inventory and overall attack surface and ensure that they have a process for evaluating the risk.”

Printers, an Underestimated Risk?

The legacy nature of many printer service environments is another issue, because vulnerabilities can sometimes exist undetected on them for years. Often, these printer environments lack the kind of monitoring tools that are available on other endpoint systems, making them a big target for attackers.

Often flaws are introduced into organizations’ print infrastructure because print services are on by default and administrators are not aware of this, says Tom Boyer, director of security at Automox. “This means that this risk will go unseen for years and adversaries use that to their advantage,” he notes. “They often know more about the target environment than the company themselves.”

The Quocirca survey found security to be the top barrier to adoption of cloud print services as well.

“Although many organizations believe the cloud is more secure than an on-premise environment, security concerns remain a critical barrier to cloud print adoption,” says Nicole Heinsler, chief engineer of security and device management at Xerox. “Overall, there is a disconnect between providers and clients on how the cloud can improve security by managing zero-day threats more effectively, and how data sovereignty can be more easily managed through cloud policies.”

Cloud Printing Cyber-Risks

The survey found that many organizations view resting data — such as print jobs waiting in a queue and documents uploaded to the cloud print service — as a primary risk, Heinsler says: “This is why incorporating zero-trust principles in your cloud print infrastructure, such as authentication and access control, monitoring, detection, remediation, data and document protection, encryption, and automation, is so imperative.”

One way to centralize print management infrastructure is to use cloud print options that deploy a native cloud architecture, rather than to attempt a “lift-and-shift” of traditional on-premises server architecture to a private cloud, she notes. The challenges organizations face will depend on the level of customization their applications have.

“For example, if they use standard print protocols, there’s often little issue with [cloud] integration,” Heinsler says. “[But] specific applications should be subjected to proof of concept before full enterprise deployment.”

Source: https://www.darkreading.com/vulnerabilities-threats/hybrid-work-vulnerabilities-print-security