Credentials are the key to any system or application, as they enable users to securely authenticate to a service and access resources or processes. Credentials on their own aren’t an adequate security control, because attackers can brute-force passwords after harvesting usernames through Open Source Intelligence (OSINT). OSINT also gives attackers another common route to credentials: ‘default credentials.’ Most systems and appliances come with a set of ‘default credentials’ that can be used during setup. When these credentials are not changed from the username and password documented in user manuals, they can be easily discovered and exploited.
Printers are an excellent example of this exploitation, as they are a commonly overlooked network device. They not only receive data but, in some cases, also store it locally on a disk, where attackers can easily access it through File Transfer Protocol (FTP) or other methods of logging onto the device. If default credentials are not changed, they can be used to obtain sensitive information that may have been scanned by the printer and stored locally. They can also be used to obtain corporate address book details set up for scanning to email, and this list of email addresses can then be used in social engineering or phishing attacks.
Azure can help protect against this sort of attack, as it can force users to authenticate to a print server rather than to the actual printer, ensuring that the printer isn’t directly exposed to other network devices. With this method, even if you still have default credentials set up on your printer, which is not advised, the printer would not be accessible to an attacker, as they would have to authenticate through the print server before gaining any clues about how to communicate with the actual printer. With an effective MDR setup, these authentication attempts would be flagged for a security analyst to triage and alert on.
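The two signals described above can be expressed as detection logic. This is an added example, not part of the original article: it flags any connection that reaches a printer without going through the print server, and repeated failed logins against the print server. The IP addresses, the log format, the threshold and the sample log lines are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed environment (hypothetical values, adjust to your network).
PRINT_SERVER = "10.0.5.10"
PRINTERS = {"10.0.9.21", "10.0.9.22"}
FAIL_THRESHOLD = 3               # failed logins from one source...
WINDOW = timedelta(minutes=5)    # ...within this sliding window

# Constructed sample log: "<timestamp> <kind> key=value ..."
SAMPLE_LOG = """\
2024-05-01T09:00:00 conn src=10.0.5.10 dst=10.0.9.21 dport=9100
2024-05-01T09:01:10 auth src=10.0.7.44 dst=10.0.5.10 user=jsmith result=success
2024-05-01T09:02:00 conn src=10.0.7.80 dst=10.0.9.21 dport=21
2024-05-01T09:03:00 auth src=10.0.7.91 dst=10.0.5.10 user=admin result=failure
2024-05-01T09:03:20 auth src=10.0.7.91 dst=10.0.5.10 user=admin result=failure
2024-05-01T09:03:40 auth src=10.0.7.91 dst=10.0.5.10 user=root result=failure
2024-05-01T09:30:00 auth src=10.0.7.44 dst=10.0.5.10 user=jsmith result=failure
"""

def parse(line):
    """Split one log line into (timestamp, kind, fields)."""
    ts, kind, *pairs = line.split()
    return datetime.fromisoformat(ts), kind, dict(p.split("=", 1) for p in pairs)

def detect(log_text):
    """Return alert tuples (rule, source, destination, detail) for an analyst to triage."""
    alerts = []
    failures = defaultdict(deque)  # source IP -> timestamps of recent failed logins
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, kind, f = parse(line)
        # Rule 1: only the print server should ever talk to a printer directly.
        if kind == "conn" and f["dst"] in PRINTERS and f["src"] != PRINT_SERVER:
            alerts.append(("direct_printer_access", f["src"], f["dst"], f["dport"]))
        # Rule 2: repeated failed logins against the print server from one source.
        elif kind == "auth" and f["dst"] == PRINT_SERVER and f["result"] == "failure":
            recent = failures[f["src"]]
            recent.append(ts)
            while ts - recent[0] > WINDOW:   # drop failures outside the window
                recent.popleft()
            if len(recent) == FAIL_THRESHOLD:  # alert once, when the threshold is reached
                alerts.append(("repeated_auth_failure", f["src"], f["dst"], str(len(recent))))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```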
The general premise when securing a system, appliance, or application is to implement a layered approach, so that attackers are presented with a non-linear path.