In a relatively new trend, cybercriminals have begun spreading malware by spoofing emails from network printers and scanners.
These attacks started making headlines in late November 2017, after security researchers at Barracuda Labs observed a campaign in which cybercriminals spoofed a printer notification to deliver a malicious attachment disguised as a file sent by a network printer. Opening the attachment installed a backdoor that let the attacker monitor the victim’s PC and gain unauthorized access to it.
Earlier, in September 2017, Comodo detected two similar malware campaigns in which cybercriminals spoofed Konica Minolta copiers, printers, and scanners to send malicious attachments that appeared to be legitimate files sent by the victims’ own network device. The Comodo Threat Research Lab published a blog post warning of these attacks and correctly predicting more of the same in the near future, and we likely still haven’t seen the last of them. These “printer spoofing” attacks combine botnets of servers and individuals’ PCs with new phishing techniques to get past both victims’ suspicions and their security tools. To keep yourself and your company safe, here’s a rundown of how the attacks work and the security measures you should take.
Executing the Attack
The cybercriminals behind these attacks are very resourceful. They use sophisticated social engineering techniques to trick users into downloading their malicious attachments. In the case of the attacks detected in September by Comodo, the cybercriminals spoofed the model number that belonged to the Konica Minolta C224e (one of the most common models in businesses across the world) to make the email look inconspicuous.
In this case, the payload was data-encrypting ransomware, carefully designed to slip past the machine-learning-based tools of leading cybersecurity vendors, infect victims’ machines, encrypt their data, and extort a bitcoin ransom.
These attacks are very sophisticated, and they enable “A very small team of hackers to infiltrate thousands of organizations and beat A.I. and machine learning-dependent endpoint protection tools, even those leading in Gartner’s recent Magic Quadrant,” said Fatih Orhan, head of the Comodo Threat Intelligence Lab and Comodo Threat Research Labs (CTRL). “Because the new ransomware appears as an unknown file, it takes a 100% ‘default deny’ security posture to block or contain it at the endpoint or network boundary; it also requires human eyes and analysis to ultimately determine what it is, in this case, new ransomware.”
The attacks detected by Barracuda likewise used spoofed emails carrying malicious PDF attachments, which in that case gave the cybercriminal unrestricted access to the victim’s PC once the file was opened.
So what should you look out for to keep yourself from falling victim to one of these attacks?
Warning Signs of Printer/Scanner Spoofing Malware
According to a recent post by security blog Hackercombat.com, “Attackers seem to focus on PDF-oriented malware, as most users think PDFs sent to their printer or scanner are harmless and coming from a safe source. The email subject reads something along the lines of ‘scanned from HP’ or any printer within the network, and the attachment contains the malicious code. It will have a modified file name, which allows the attackers to hide the deceptive code inside the archive, imitating a ‘.pdf,’ ‘.jpg’, ‘.txt’.”
So, while any attachment could be malicious, the ones that should raise the biggest red flag are attachments presented as .pdf files, especially when the name carries a second extension (for example a “.pdf.exe”) or the file does not open as a real PDF. A genuine scan-to-email job also comes from the device’s configured sender address on your own mail system, so a message from an outside domain that claims to be your copier is itself a warning sign. Just to be on the safe side, it’s best to exercise caution with any attachment that appears to come from a printer, scanner, or copier.
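The attachment-level checks above can be automated at a mail gateway or in a triage script. The following is an added example, not code from the article, from Comodo, Barracuda or Hackercombat: it parses an RFC 5322 message with Python’s standard `email` library and flags a double extension such as scan.pdf.exe, an attachment whose name claims a document type but whose leading bytes carry a different file signature (an executable named .pdf), an outright executable attachment type, and a “scanned from …” style subject line. The sample messages, sender addresses and device name are constructed for the demonstration.

```python
"""Triage a "scanned document" e-mail for the indicators described above.

Added example (not from the article or any vendor): the messages inspected
here are built inline and are not real captures.
"""
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Leading bytes ("magic numbers") of the document types a printer or scanner
# actually produces.  An attachment claiming one of these types should start
# with one of the listed signatures.
DOC_MAGIC = {
    "pdf": (b"%PDF-",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "tif": (b"II*\x00", b"MM\x00*"),
    "tiff": (b"II*\x00", b"MM\x00*"),
}
# Signatures of what attackers substitute for those documents.
SUSPECT_MAGIC = {
    b"MZ": "a Windows executable",
    b"PK\x03\x04": "a ZIP archive",
    b"\x7fELF": "an ELF executable",
    b"\xd0\xcf\x11\xe0": "an OLE (legacy Office) file",
}
DOC_EXTS = set(DOC_MAGIC) | {"txt"}
RISKY_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
              "vbs", "wsf", "hta", "lnk", "jar"}
LURE_SUBJECT = re.compile(r"\b(scan(ned)?|copier|printer|fax)\b", re.IGNORECASE)


def inspect_attachment(filename: str, data: bytes) -> list[str]:
    """Return human-readable indicators for one attachment (empty list if clean)."""
    findings = []
    exts = filename.lower().split(".")[1:]
    last = exts[-1] if exts else ""
    # (1) document-looking name with an executable extension tacked on
    if len(exts) >= 2 and exts[-2] in DOC_EXTS and last in RISKY_EXTS:
        findings.append(f"{filename}: double extension hides .{last} behind .{exts[-2]}")
    # (2) name claims a document type but the bytes say otherwise
    if last in DOC_MAGIC and not data.startswith(DOC_MAGIC[last]):
        actual = next((desc for sig, desc in SUSPECT_MAGIC.items() if data.startswith(sig)),
                      "an unrecognised format")
        findings.append(f"{filename}: claims .{last} but content is {actual}")
    # (3) an outright executable/script type, whatever the rest of the name says
    if last in RISKY_EXTS:
        findings.append(f"{filename}: .{last} is an executable/script type, not a scan output")
    return findings


def inspect_message(raw: bytes) -> dict:
    """Parse a raw message and gather indicators for the subject and every attachment."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    subject = str(msg.get("Subject", ""))
    attachment_findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        attachment_findings.extend(inspect_attachment(name, part.get_payload(decode=True) or b""))
    return {
        "sender": str(msg.get("From", "")),
        "subject": subject,
        "subject_lure": bool(LURE_SUBJECT.search(subject)),
        "attachment_findings": attachment_findings,
    }


def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed lure message with hypothetical addresses; not a real capture."""
    msg = EmailMessage()
    msg["From"] = "KM_C224e <copier@example.com>"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Scanned from KM_C224e"
    msg.set_content("Please find the scanned document attached.")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


def triage_samples() -> dict[str, dict]:
    """Run three cases a mail gateway commonly sees; results keyed by case name."""
    fake_exe = b"MZ" + b"\x90" * 64                # PE header followed by filler
    real_pdf = b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"   # opening bytes of a genuine PDF
    cases = {
        "double_extension": build_sample("Scan_0042.pdf.exe", fake_exe),
        "fake_pdf": build_sample("Scan_0042.pdf", fake_exe),
        "real_pdf": build_sample("Scan_0042.pdf", real_pdf),
    }
    return {name: inspect_message(raw) for name, raw in cases.items()}


if __name__ == "__main__":
    for name, result in triage_samples().items():
        lure = "subject matches lure pattern" if result["subject_lure"] else "subject ordinary"
        print(f"{name}: {lure}; attachment findings: {result['attachment_findings']}")
```

The subject check is deliberately reported separately from the attachment findings: a real scan-to-email job has a “scanned from” subject too, so on its own it only says the message is worth looking at, while a signature mismatch or a double extension is a strong indicator regardless of what the subject says. The signature test reads only the first few bytes, so it also catches the case where a renamed executable is delivered with a perfectly innocent-looking name.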
How to protect yourself from these attacks:
There are a few basic measures you can take to protect yourself from printer/scanner/copier spoofing attacks. The same post from Hackercombat.com outlines some basic security measures that could save you. Here’s what you should do:
- Whenever you get an email that seems to come from your copier, scanner, or printer, or from the vendor who supplied it, confirm by phone (with the colleague who supposedly scanned the document, your IT team, or the vendor) that it was really sent before you open anything.
- Whenever you get any such email, hover the mouse cursor over the hyperlinks to check whether the real destination looks legitimate. Always double-check anything you are about to download, even if it seems to come from a reliable source.
- Make sure you have proper cybersecurity tools in place (mail filtering that inspects attachments, and endpoint protection) to secure your data and the sensitive personal data of your clients/customers.
- Ensure proper backup of all data, kept where ransomware on an infected PC cannot reach it, so you can restore important information if you are attacked.
- Keep yourself updated on what is happening in the world of cybersecurity; if you know what types of attacks to expect, you can better prepare for them.
- If you run an enterprise, ensure that your employees are trained in security best practices. Make security a priority, and invest in the best security software available.