In a shocking twist, hackers are now turning your everyday office devices against you. Forget the usual methods; these cybercriminals are utilizing printers to launch new hacking attacks aimed at Windows systems! Here’s why you need to be vigilant.

The Ingenious Hackers Strike Again!

It’s no secret that hackers are always on the lookout for new vulnerabilities to exploit. Previously, we’ve seen them commandeer SMS systems and smartwatches to breach even the most secure air-gapped networks. But now, a fresh threat has emerged, catching many off-guard: printers!

How Your Printer Can Be Weaponized

A recent report from the Varonis Managed Data Detection and Response Forensics team reveals that an ongoing hacking campaign has already targeted at least 70 U.S.-based organizations. These hackers are cleverly leveraging a little-known Microsoft 365 feature called Direct Send, which allows devices to send emails without authentication. Sounds harmless, right? Wrong!

According to expert Tom Barnea, this method lets hackers spoof internal users and spread phishing emails without needing to compromise any accounts. This tactic allows malicious messages to fly under the radar, escaping scrutiny usually reserved for standard emails.

The Campaign's Timeline

Investigation shows that this malicious campaign began in May 2025 and has shown consistent activity over the past couple of months, raising alarm bells among cybersecurity experts. With printers being put in the hacker's toolbox, users of Microsoft 365 need to be extra vigilant.

How to Combat the Printer Hack Threat

So, how can organizations safeguard themselves against these printer-related attacks? Varonis suggests immediate action: - Enable "Reject Direct Send" in the Exchange Admin Center. - Establish a strict DMARC policy. - Flag unauthenticated internal emails for review. - Implement SPF hardfail within Exchange Online Protection. - Adopt Anti-Spoofing policies.

Microsoft's Response

In light of these developments, Microsoft reassures its customers that most users don’t need the Direct Send feature. They're developing options to disable it by default, thereby enhancing overall security. Microsoft emphasizes that Direct Send should only be utilized by advanced customers who understand the responsibilities of email server administration.

Stay informed and proactive—your printer may just be a hacker’s new best friend!