Phishing emails spoof scanners and printers to spread malware by the millions

Printer/scanner devices are being impersonated or spoofed by emails that contain malicious attachments known to carry malware.

Cybercriminals are sending millions of e-mails that spoof scanners and printers in order to spread malware. The elaborate messages lure unsuspecting recipients into opening malicious attachments that appear to come from network printer and scanner devices, while dodging malware detection.

Barracuda researchers first discovered the initial attack in late November 2017 (read the blog https://blog.barracuda.com/2017/12/21/threat-spotlight-clever-cybercriminals-spoof-scanners-by-the-millions/#more-20309) and stated that the attachment gave the attackers the ability to inspect or gain unauthorized access to the victim’s personal computer.

Researchers have since seen millions of attempts to infect unsuspecting users by e-mail. These attacks pretend to come from Canon, HP and Epson brand printer/scanner devices to gain the trust of users.
In a blog post, the researchers said: “It is so common for PDF attachments to be received in e-mail sent by a printer that many users consider the document completely secure. From a social engineering point of view, this is exactly the response cybercriminals want.”

The researchers added that attackers chose PDF-generating devices specifically because PDF files can be weaponized to deliver content that harms the user, who is more likely to consider the source secure.
E-mail subject lines read “Scan from HP”, “Scan from Epson”, or “Scan from Canon”, and the messages carry malicious files that use anti-detection techniques, such as modified filenames and extensions, inside traditional file archives. The attachments allow an attacker to hide malicious code in files that mimic “.jpg”, “.txt”, or any other format.

The malware in the attachment is designed to gain unrestricted access to user devices, including monitoring user behavior, changing computer settings, browsing and copying files, and using the victim device’s bandwidth.
To prevent these types of attacks, the researchers suggest that a user who receives an unexpected file either delete it or double-check it with the sender, and hover over hyperlinks to make sure they look legitimate instead of clicking on any suspicious content. They also recommend user training and awareness together with advanced threat protection.

How does this attack work?
Let’s see how criminals use common spoofing techniques to launch attacks that include malicious attachments that appear to come from networked printers.

 

Scanner spoofing with malicious attachments – Canon, HP, and Epson brand printer/scanner devices are being impersonated or spoofed by emails that contain malicious attachments carrying known malware. These cybercriminals are using clever malware to remain undetected and cause the most damage.

Detail:
In the past month, the researchers from Barracuda have been tracking the activities of cybercriminals who spread malware by spoofing printer/scanner attachments in emails. We witnessed the initial attacks in late November, and soon after, millions more attempts were made to infect unsuspecting users by e-mail.

It is so common to receive PDF attachments in e-mail sent by a printer that many users think the document is completely secure.
Smart malware: The subject line of the malicious email often reads something like “scan from HP,” “scan from Epson,” or “scan from Canon,” and the message carries malicious file attachments that use anti-detection techniques:

1) Wrong file extension
These threats use modified file names and extensions inside traditional file archives, allowing attackers to hide malicious code in files that mimic “.jpg”, “.txt”, or any other format. This can be done in various ways, such as exploiting the WinRAR file extension spoofing vulnerability.
By abusing file extensions, cybercriminals can sometimes circumvent security measures such as email anti-virus systems. This allows the attack to eventually reach the end user’s email account.

2) Remote file download
This malware attachment gives an attacker the ability to initiate clandestine surveillance of, or gain unauthorized access to, the compromised PC. When the user clicks on the threat attachment, the malware is triggered and the communication protocols it was configured with are established at the time of the first infection. This backdoor into the compromised PC allows unrestricted access, including the ability to monitor user behavior, change computer settings, view and copy files, use the victim’s bandwidth (Internet connection) for possible criminal activity, access connected systems, and the like.

User wallpaper modifications: An attacker can change the victim’s wallpaper by using the “shell” command to upload an image to the victim’s system and set it as the wallpaper.
Identify user/domain shares on your system: Once these attackers compromise your users’ systems with the malicious code in the attachments, they can use Windows Explorer to search for shares on your system. They can take advantage of this by escalating from user rights on the workstation to local administrator rights and then searching the domain SYSVOL DFS share for an XML file that contains credentials.

Determine the size of the disk: In addition, this malware can check for systems connected to the network and try to connect to \\FoundSystemName\C$. If the connection succeeds, the attacker has full access to the contents of the drive, including the size of the disk.
Here are some examples of this threat, showing how an attacker tried to convince the victim to click on an attachment.

Take Action: Safety Tips and Precautions

• If you were not expecting a scanned document, delete the file or double-check with the sender to make sure that the person you think sent the scanned document really did.
• Hover your mouse over each hyperlink to make sure it looks legitimate.
• If you have any questions or doubts, do not click!

User Training and Awareness and Advanced Threat Protection – Employees, or anyone using e-mail, should be regularly trained and tested to increase their security awareness of attacks like these phishing attempts. Simulated attack training is by far the most effective form of training.

Layer the training with an email security solution that provides sandboxing and advanced threat protection, which should stop spam, phishing attacks, and malware before they reach the corporate mail server or the user’s inbox. In addition, you can deploy anti-phishing protection with link protection to look for links to sites that contain malicious code. Malicious attachments are blocked even if the malicious code is hidden in the contents of the attached document.
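
As an added example (not code from Barracuda or from the original article), the following Python check shows how a mail filter could triage this campaign: it matches the scanner-style subject lines and opens ZIP attachments to flag members whose benign-looking extension hides executable content. The function names, the addresses, the magic-byte list and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SUBJECT_RE = re.compile(r"^\s*scan from (hp|epson|canon)\b", re.I)  # subjects named on the page
EXEC_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}  # assumed, non-exhaustive
BENIGN_EXT = (".jpg", ".jpeg", ".txt", ".pdf")  # types the attachments mimic

def inspect_archive(data: bytes) -> list:
    """Flag ZIP members that claim a benign type but start with executable magic bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            try:
                with zf.open(info) as member:
                    head = member.read(4)
            except (zipfile.BadZipFile, RuntimeError) as exc:
                # Local and central headers disagree on the name, or the member is encrypted.
                findings.append(f"{info.filename}: cannot inspect ({exc})")
                continue
            kind = next((v for k, v in EXEC_MAGIC.items() if head.startswith(k)), None)
            if kind and info.filename.lower().endswith(BENIGN_EXT):
                findings.append(f"{info.filename}: {kind} content behind a benign extension")
    return findings

def triage(raw: bytes) -> list:
    """Return reasons to quarantine a message; an empty list means nothing matched."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT_RE.search(msg["Subject"] or ""):
        reasons.append("subject imitates a scanner notification")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            reasons += inspect_archive(data)
    return reasons

def build_sample(member_name: str, content: bytes) -> bytes:
    """Constructed test message (not a captured sample) carrying one ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, content)
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = "Scan from HP", "scanner@example.com", "user@example.com"
    msg.set_content("Please find the scanned document attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="scan001.zip")
    return msg.as_bytes()
```

Calling triage(build_sample("invoice.jpg", b"MZ\x90\x00" + bytes(60))) returns both the subject match and the extension mismatch, while a member that really starts with %PDF produces only the subject match.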
