You may have seen mention of the Mirai botnet attack.  It was the recent Distributed Denial of Service (DDoS) attack that adversely affected Amazon, Twitter, PayPal and many other popular websites for a time in September and October.

What is DDoS you ask, distributed denial of service or DDoS is an unsophisticated form of attack.  The attack tries to overwhelm internet sites with spam traffic from under-secured Internet of Things (IoT) devices that have an IP address and can be remotely accessed via easily obtained or guessable login credentials, usually factory default usernames and passwords. The devices can include DVRs, cameras, printers, thermostats, appliances and smart cars just to name a few.   The devices attack a site so that legitimate users can’t get through. DDoS is a war in which whoever has the most computing power, defender or attacker, usually wins.

Articles were circulating listing Xerox Multifunction Printers as a point of entry for this malware.  Well that is not accurate.  Let’s take a look at some of the information provided by the Xerox security site.  Our machines were tested and here are the findings.  The following is an excerpt from the information provided on the Xerox security site:

What is Xerox Doing About This? Xerox has studied the botnet source code and determined that it cannot successfully attack any Xerox device. The two services the botnet uses, telnet and SSH, to open a command line are not supported.
Impact Xerox devices may be targeted but cannot be successfully attacked. See below for recommendations on what you can do to prevent your Xerox device from being controlled by unauthorized individuals.
What Should You Do?
  • Don’t connect your Xerox device directly to the public Internet. Make sure it’s behind a firewall or router so that only you and your users have access to it. This keeps outsiders from accessing the machine and interrupting your business. Please check with your IT department if you’re unsure.
  • Don’t leave the administrator’s password set to the default. Change it so that unauthorized individuals can’t easily guess it and take control.
  • Choose a password that is at least 8 (eight) characters in length with a combination of letters, numbers and special characters.
  • Never share the administrator’s password with anyone who does not have a legitimate need to know.

 

Remember that this is just one malware/virus/hack.  There are many out there and new ones showing up all the time.  Be assured that we do our best to stay on top of the security issues and risks that might potentially impact your Xerox machines.  But to successfully fight this hacker battle you need to stay informed by visiting the Xerox Security site often for updates.

To review the information about the Mirai botnet attack findings please navigate over to the Xerox Security page and click on the Learn more link.  While you are on the security page please check for any other updates concerning your machine by entering your machine model(s) and see if there is anything you need to do to increase the security of your Xerox machines. See screen shot below with the sections to review.

security

More information about security is available on the support pages for your machine.  You can ask questions on the Xerox Customer Support Forum or contact in to your local support centre.

Help us help you fight the good fight against hackers, viruses, and malware by staying informed and up-to-date by actively reviewing the security site periodically or when you hear of a new attack.