In a rather new trend, cybercriminals have begun to spread malware by spoofing printers and scanners.
These types of attacks started making headlines in late November 2017, after security researchers at Barracuda Labs witnessed an attack in which cybercriminals spoofed a printer to send a malicious attachment that appeared to be a legitimate file sent by a network printer. This malicious attachment allowed the attacker to install a backdoor to conduct surveillance and gain unauthorized access to the victim’s PC.
Earlier, in September 2017, Comodo detected two similar malware campaigns in which cybercriminals spoofed Konica Minolta copiers, printers, and scanners to send malicious attachments that appeared to be legitimate files sent by the victims’ network device. The Comodo Threat Research Lab published a blog post warning of these attacks and correctly predicted more similar attacks in the near future. But we likely still haven’t seen the last of attacks of this nature. These “printer spoofing” attacks use botnets of servers, individuals’ PCs, and new phishing techniques to bypass victims’ suspicions and their cybersecurity tools. To keep yourself and your company safe, here’s a rundown of how the attacks work and the security measures you should take.
Executing the Attack
The cybercriminals behind these attacks are very resourceful. They use sophisticated social engineering techniques to trick users into downloading their malicious attachments. In the case of the attacks detected in September by Comodo, the cybercriminals spoofed the model number of the Konica Minolta C224e (one of the most common models in businesses across the world) to make the email look inconspicuous.
In this case, the payload was data-encrypting ransomware that was carefully designed to slip past machine learning algorithm-based tools from leading cybersecurity vendors, infect victims’ machines, encrypt their data, and extract a bitcoin ransom.
These attacks are very sophisticated, and they enable “a very small team of hackers to infiltrate thousands of organizations and beat A.I. and machine learning-dependent endpoint protection tools, even those leading in Gartner’s recent Magic Quadrant,” said Fatih Orhan, head of the Comodo Threat Intelligence Lab and Comodo Threat Research Labs (CTRL). “Because the new ransomware appears as an unknown file, it takes a 100% ‘default deny’ security posture to block or contain it at the endpoint or network boundary; it also requires human eyes and analysis to ultimately determine what it is, in this case, new ransomware.”
The attacks detected by Barracuda also featured spoofed emails delivering malicious PDF attachments that, in this case, gave the cybercriminal unrestricted access to the victim’s PC when downloaded.
So what should you look out for to keep yourself from falling victim to one of these attacks?
Warning Signs of Printer/Scanner Spoofing Malware
According to a recent post by security blog Hackercombat.com, “Attackers seem to focus on PDF-oriented malware, as most users think PDFs sent to their printer or scanner are harmless and coming from a safe source. The email subject reads something along the lines of ‘scanned from HP’ or any printer within the network, and the attachment contains the malicious code. It will have a modified file name, which allows the attackers to hide the deceptive code inside the archive, imitating a ‘.pdf’, ‘.jpg’, ‘.txt’.”
So, while any attachment could be malicious, the ones that should raise the biggest red flag are .pdf attachments. But, just to be on the safe side, it’s best to exercise caution when receiving any attachment from a printer, scanner, or copier.
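The warning signs above can be checked automatically at a mail gateway or during triage. The following is an added example, not code from Comodo or Hackercombat.com: it parses a raw message and reports a scanner-style subject, archive attachments, double extensions such as ".pdf.zip", and content that does not match the claimed extension. The subject pattern, extension lists, function names and sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Assumed patterns and extension lists; tune them to your own devices and mail flow.
SCAN_SUBJECT = re.compile(r"\bscan(ned)?\s+from\b", re.I)
ARCHIVE_EXT = {".zip", ".rar", ".7z"}
ARCHIVE_MAGIC = (b"PK\x03\x04", b"Rar!", b"7z\xbc\xaf\x27\x1c")
# Formats the lure imitates, with the leading bytes a genuine file starts with.
DECOY_MAGIC = {".pdf": b"%PDF-", ".jpg": b"\xff\xd8\xff", ".txt": None}

def attachment_findings(name, data):
    """Return structural warning signs for one attachment."""
    parts = name.lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    inner = "." + parts[-2] if len(parts) == 3 else ""
    found = []
    if ext in ARCHIVE_EXT or data.startswith(ARCHIVE_MAGIC):
        found.append("archive attachment")
    if inner in DECOY_MAGIC and ext not in DECOY_MAGIC:
        found.append(f"double extension {inner}{ext}")
    magic = DECOY_MAGIC.get(ext)
    if magic and not data.startswith(magic):
        found.append(f"content does not match {ext}")
    return found

def triage(raw):
    """Parse a raw RFC 5322 message and list the warning signs it shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    if SCAN_SUBJECT.search(msg["Subject"] or ""):
        findings.append("scanner-style subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        findings += [f"{name}: {f}" for f in attachment_findings(name, data)]
    return findings

def build_sample(subject, filename, payload):
    """Constructed test message; addresses use the reserved .test domain."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "copier@corp.test", "user@corp.test", subject
    m.set_content("Scanned document attached.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn, body in [("scan_0042.pdf.zip", b"PK\x03\x04" + bytes(16)),
                     ("scan_0042.pdf", b"%PDF-1.4\n")]:
        print(fn, triage(build_sample("Scanned from HP", fn, body)))
```

An empty attachment result only means none of these structural signs were present; a well-formed PDF can still carry malicious content and should go through normal scanning or containment.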
How to protect yourself from these attacks:
There are a few basic measures you can take to protect yourself from printer/scanner/copier spoofing attacks. The same post from Hackercombat.com outlines some basic security measures that could save you. Here’s what you should do:
Tags: cybersecurity,printer attack