Printers a prime target for cyber attacks

The Australian printing and communications industry needs to be ready to protect itself against new waves of ransomware attacks, according to a cyber security specialist.

“The printing industry’s size and reliance on computer technology makes it a prime target for cyber terrorists,” says Burt Mascareigne, director of Sydney-based DropInSecurity. “The industry uses computer systems to drive and maintain print and digital equipment, prepress, Web-2-Print, inventory management, delivery and administration – and it’s all at risk.

The industry was targeted as early as 2015 when an industry equipment supplier became a victim.

“The attack locked up the supplier’s files, including accounts, sales and all history, rendering the business effectively blind," says Mascareigne.

“More recently, an interstate office of a nationally run business was compromised after a staff member opened an emailed invoice attachment purporting to be from a printing client. Although the staff member thought it odd to receive the invoice directly via email, on opening the attachment to investigate, they unknowingly triggered the ransomware attack.

“Within four hours the virus destroyed 80 per cent of all data in the state office network and began infiltrating interstate into head office servers.”

DropInSecurity was called in and blocked the ransomware spread, minimising data loss from the Sydney head office.

“The interstate loss was catastrophic. Worse still, investigation found that staff had not routinely saved their files to a server, using their desktop drives instead. These were compromised and not backed up. The cyber criminals had scanned legitimate printing company websites for staff names and email addresses. These were repurposed to send ‘services rendered’ accounts to individuals in other industry companies.”

Mascareigne says recent global attacks with the CryptoLocker WannaCry and NotPetya ransomware variants are ‘toe dipping’ exercises, testing the preparedness of potential victims for more widespread and sophisticated attacks.

DropInSecurity is already providing Sophos Intercept X anti-ransomware immunisation to printing industry companies.

“This is a world leading technology using machine learning in its development and is designed to identify and block the attempted use of exploits by attackers. Our volume allows us to keep the computer immunisation cost down (less than $4 monthly per machine) including updates. This is a very small cost for any business for the security of their data and peace of mind.”

More information is available from the DropInSecurity website: www.dropinsecurity.com.au or by calling (02) 9194 4299.

DropInSecurity tips to stopping ransomware

1. Backup regularly and keep a recent backup copy off-line and off-site. Offline and off-site means ransomware can’t get to it. With recent backups data loss can be minimized.
2. Enable file extensions. This makes it much easier to spot file types that wouldn’t commonly be sent to you and your users, such as JavaScript.
3. Open JavaScript (.JS) files in Notepad. Doing this blocks it from running any malicious scripts and allows you to examine the file contents.
4. Don’t enable macros in document attachments received via email. A lot of infections rely on persuading you to turn macros on, so don’t do it!
5. Be cautious about unsolicited attachments. If you aren’t sure – don’t open it. Check with the sender if possible.
6. Don’t have more login power than you need. Admin rights could mean a local infection becomes a network disaster.
7. Consider installing the Microsoft Office viewers. These viewer applications let you see what documents look like without opening them in Word or Excel.
8. Patch early, patch often. The sooner you patch, the fewer holes there are for ransomware to exploit.
9. Stay up-to-date with new security features in your business applications. For example, Office 2016 now includes a control called “Block macros from running in Office files from the internet”.