New Assaults to Scanners from Mail Attachments

Originally written by Robert Abel and published at www.scmagazineuk.com

Criminals Spoof Scanners and Printers by the Millions to Spread Malware

Cyber-criminals are spoofing scanners by the millions to launch attacks containing malicious attachments that appear to be coming from the network printer.

Barracuda researchers first witnessed the initial attack in late November 2017 and said the attachment provides the attackers with the ability to initiate covert surveillance or gain unauthorised access to a victim PC backdoor into the victim PC, according to a 21 December blog post.

Shortly after researchers spotted millions of attempts to infect unsuspecting users via email. The attacks impersonate Canon, HP, and Epson brand printers/scanner devices to gain the user’s trust.

“Receiving a PDF attachment in an email sent by a printer is so commonplace that many users assume the document is completely safe,” researchers said in the blog. “From a social engineering perspective, this is exactly the response that the cyber-criminals want.”

Attackers specifically choose PDF generating devices because PDF files can be weaponised to deliver active contents which can be harmful to users because they are more likely to assume they are safe considering the source, researchers added.

The emails subject read something like “Scanned from HP”, “Scanned from Epson”, or “Scanned from Canon,” while containing a malicious file attachment with anti-detection techniques such as modified file names and extensions inside the traditional file archive, which allows attackers to hide the malicious code inside the archive, imitating a ‘.jpg’, ‘.txt’ or any other format.

The malware in the attachments was designed to gain unfettered access to a user’s device including the ability to monitor user behaviour, change computer settings, browse and copy files, utilise the bandwidth to victim’s devices.

To prevent these types of attacks, researchers recommend that users double check with the sender if they receive unexpected files or delete them, hover the mouse over hyperlinks to ensure they look legitimate and not click anything suspicious.

Users should also have training and awareness of advance threat protections.