Printer-spoofing Campaign Installs Espionage-Bent Backdoors Inside the Enterprise

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
For many large organizations, emails from corporate printers and scanners are commonplace, and cyber-criminals are finding this vector to be a lucrative host to launch cyber-attacks.

Barracuda Networks has tracked an uptick in attacks through Canon, HP and Epson printer and scanner email attachments of late: Since late November, cyber-criminals have made millions of attempts to infect unsuspecting users by sending impersonated or spoofed emails from these common printer and scanner brands, with attachments that contain malware.
Click to expand...

“Aside from the coffee maker and the office water cooler, few devices receive the magnitude of use that the corporate printer is subjected to on a daily basis,” said Barracuda SVP of technology, Fleming Shi, in a blog. “This is because these machines function way beyond the boundaries of a simple printer; in fact, they’re commonly used to scan and copy pages and can even be called upon to send emails of scans as an easy way to receive PDF versions of documents.”
Click to expand...

Once unpacked, the malware installs a backdoor on the machine that offers unauthorized access to a victim PC and cyberespionage capabilities. This includes the ability to monitor user behavior, change computer settings, browse and copy files, utilize bandwidth for criminal activity, access connected systems, and more. It also scans connections in an attempt to escalate from having user rights on the workstation to having local administrator rights.
Click to expand...

Workers should use common sense to avoid the threat: Shi advocates double-checking with the sender if one didn’t know a scanned document was coming; hovering the mouse over every hyperlink to make sure it’s legitimate; and simply not clicking if there’s any doubt whatsoever.
Click to expand...
 
  • Like
Reactions: harlan4096 and shmu26
E

Entreri

Level 7
Verified
May 25, 2015
342
I get some of this garbage where I work, comes through the filters. It is up to IT to assume the staff will open these and act accordingly.

These freaks typically come with "urgent", or do it now or before "x" expires and the apocalypse occurs. I yawn, nice try losers.
 
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Wow
Technology HP will rent you a printer, so you don’t have to buy it. But the offer comes with strings attached
Replies
1
Views
271
Technology News
blackice
blackice
silversurfer
    • Like
China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign
Replies
0
Views
1,184
News Archive
silversurfer
silversurfer
silversurfer
    • Like
    • +Reputation
    • Thanks
TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments
Replies
0
Views
875
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top