A new twist in the tale as old as...computers. Cyber-criminals are now impersonating network printers in an attempt to spread malware as attachments that appear to be coming from the network printer.
Researchers first witnessed the initial attack in late November 2017 and said the attachment provides the attackers with the ability to initiate covert surveillance or gain unauthorized access to a victim PC backdoor into the victim PC according to a Dec. 21 blog post. The attacks impersonate Cannon, HP, and Epson brand printers/scanner devices to gain the user's trust.
“Receiving a PDF attachment in an email sent by a printer is so commonplace that many users assume the document is completely safe,” researchers said in the blog. “From a social engineering perspective, this is exactly the response that the cybercriminals want.”
PDF files are the most common type of file used, as they can be weaponized to deliver active contents which can be harmful to users because they are more likely to assume they are safe considering the source, researchers added.
What can you do?
The best way to protect against this type of scam is to ensure users have training and awareness of advance threat protections.
Making sure everyone in your organization is familiar with what a REAL email from your machine looks like is the first step
- Take note of the email subject. You may find it a good idea to implement a designated subject that everyone inputs before scanning a document. The scam emails subject read something like “Scanned from HP”, “Scanned from Epson”, or “Scanned from Canon.” If the subject doesn't match what users are expecting, they can immediately delete the email.
- Take note of the email address the machine normally uses to send documents. Researchers recommend that users double check with the sender if they receive unexpected files or delete them, hover the mouse over hyperlinks to ensure they look legitimate and not click anything suspicious.
- We also recommend changing the name of the attachment on the machine to something specific and descriptive before sending a document. This way there is no confusion as to what the recipient is receiving before they open it.
- Read through the Security White Paper for your machines. Contact your rep if you're worried about a threat and they can send you a copy and even walk you through how to implement these precautions.