Moscow, November 18, 2021 — Information Agency “Business-Inform” together with the Association of Quality Consumables Manufacturers and Suppliers presented the results of the vulnerability research for office printing devices and the recommendations for removing the vulnerabilities.
Information Agency “Business-Inform” together with the Association of Quality Consumables Manufacturers and Suppliers (AQCMS), on 18th of November, this year, held the Сonference “The Issues of Informational Safety and the Corresponding Solutions Concerning the Usage of Office Printing Devices in Corporate Networks”. During the Conference the results of the research were shown concerning the vulnerabilities found in office printing devices in Russian and International organizations in 2018-2021, as well as the recommendations on how to remove them. A special attention, during the Сonference, was paid towards the modern policies of informational protection of businesses’ corporate networks, as well as towards the issues related to the practice of workflow system usage (IT-outsourcing, MPS, the usage of remanufactured cartridges and newly-built cartridges). The Сonference saw the participation of representatives from 144 Russian businesses and organizations, as well as from the leading Russian and International experts in the field of informational safety.
During the conference 4 reports were heard:
- “The COVID-19 Pandemic Changes and Raises the Requirements towards Information Safety” (speaker – Stanislav Malinskiy, Russian University of Transport)
The report theses: The growth of cyber-crime rates during the COVID-19 pandemicis a worldwide problem; the growth of the incidence rate, transfer to working at home, emergence of the new vulnerabilities, the growth of a number and intensity of cyber-attacks; the cyber-crime stats for 2020-2021; all spheres of economy are under attack, especially healthcare and finance; during March-May 2020 the hackers sites and forums traffic has grown 66%; the remote work breeds vulnerabilities (through home-printers as well); the trend of the recent years is criminals switching to using outsourcing, the emergence of “crime as a service”; the transformation of informational safety policy is necessary; the new perspectives of informational safety policy based on the “Zero Trust” principle; printing devices and their vulnerabilities; new requirements towards the control of printing devices; cartridges carry the vulnerabilities as well.
- “While The Criminals Unite, the Cyber-Threats Grow” (speaker – Stanislav Malinskiy, Russian University of Transport)
The report theses: The growth of crime rates during the COVID-19 pandemic is a worldwide problem; the hybrid working forms, implementation of Cloud technologies, the development of the IT-outsourcing, sacking of information safety employees, the insulted employees during the obligatory vaccination – all these are just a minor parts of a basis for the modern cyber-crime rate rapid growth;the trend of the recent years is criminals switching to using outsourcing; the wide circulation of RaaS (ransomware-as-a-service) on the Internet; the multi-level list of malicious software packages: form “testing” one-month package for 90 dollars to “elite” subscription 12 months package for 1400 dollars; criminal groups creating such web-sites are working on the principles of license models sales; the cyber-crime creating new work-places; the emergence of new thematic sites with products for cyber-fraud became a driver for growth of low-qualified members of hacker-communities; new cyber-threats with ransomware usage; printing devices creating new vulnerabilities.
- “The Principles, Components and Issues of “Zero Trust” (speaker – Stanislav Malinskiy, Russian University of Transport)
The report theses: The growth of crime rates during the COVID-19 pandemic; Zero Trust – is a safety model implying the total absence of trust towards any user, device or application; the main components of the zero trust architecture according to “NIST Special Publication 800-207: Zero Trust Architecture”; the requirements of zero-trust towards the operational systems and input/output devices and their functions; software updates as a new source of vulnerabilities; OEM and non-OEM cartridges carry new threats; preventive protection measures; the necessity to continuously monitor the network; if a data-theft is inevitable, the cryptography may help; corrections of existing informational safety policies are inevitable; the tendencies of the development of the Russian office printing market in the existing conditions.
- “Printers, MFPs and Cartridges – the Sources of Vulnerabilities; the Recommendation on Procurement, Usage and Disposal; the Responsibility of Suppliers and Users According to the Russian Legislation” (speakers – Alexander Semenov, “Business-Inform” Legal Agency, Alina Savinova, Information Agency “Business-Inform”)
The report theses: Office printing and its managing: software-technical aspects; the “holes” in system and application software; patches and their role for hackers and informational safety specialists; printers and MFPs as sources of vulnerabilities; the solutions from the manufacturers of printing devices, are they to be trusted; certificates on informational safety of printing devices and how can they be related to the Russian market; firmware and its upgrades; what are the aims of manufacturers; remote working places bringing new problems; cartridges (OEM, remanufactured, newly-built) and chips – one more group of informational safety issues; what is chip doing: the statements of manufacturers and the opinion of informational safety researchers; the spying devices and what is stated on the topic in criminal and administrative codes of the Russian Federation; the overview of court proceedings sings August 13, 2019; the responsibility of suppliers and the responsibility of users; the issues of disposal of printing devices and supplies from informational safety specialists’ perspective: the overview of wrong solutions and practical recommendations for 2022.
The participants of the Conference discussed together with the speakers the provided information, the results of the research on the vulnerabilities found in office printing devices in Russian and International organizations in 2018-2021, as well as recommendations on their removal. A special attention of the Conference participants was paid towards the modern policies of data protection of corporate networks, as well as towards the issues related to the practice of workflow system usage (IT-outsourcing, MPS, the usage of remanufactured cartridges and newly-built cartridges). As a nice surprise for all the Conference participants came the new issue of BUSINESS-INFORM Review magazine (issue #32, 2021) and its appendix “Testing and Quality” (October, 2021).
AQCMS: info@aqcmsrus.ru, https://aqcmsrus.ru/
BUSINESS-INFORM: bizinform@list.ru, http://sforp.ru/
