Cyber-criminals are spoofing scanners by the millions to launch attacks containing malicious attachments that appear to be coming from the network printer.
Barracuda researchers first witnessed the initial attack in late November 2017 and said the attachment provides the attackers with the ability to initiate covert surveillance or gain unauthorised access via a backdoor into the victim PC, according to a 21 December blog post.
[...] “Receiving a PDF attachment in an email sent by a printer is so commonplace that many users assume the document is completely safe,” researchers said in the blog. “From a social engineering perspective, this is exactly the response that the cyber-criminals want.”
[...] The email subjects read something like “Scanned from HP”, “Scanned from Epson”, or “Scanned from Canon,” while containing a malicious file attachment with anti-detection techniques such as modified file names and extensions inside the traditional file archive, which allows attackers to hide the malicious code inside the archive, imitating a '.jpg', '.txt' or any other format.
The malware in the attachments was designed to gain unfettered access to a user's device including the ability to monitor user behaviour, change computer settings, browse and copy files, [and] utilise the bandwidth to victim's devices.
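The indicators described in the summary (a "Scanned from <vendor>" subject and archive members whose extension does not match their content) can be checked at the mail gateway. The sketch below is an added example, not code from Barracuda or the article; the sample message is constructed, and treating a PE/ELF header as the hidden payload type is an assumption.

```python
import io, re, zipfile
from email import message_from_bytes
from email.message import EmailMessage

SUBJECT_RE = re.compile(r"^Scanned from (HP|Epson|Canon)\b", re.I)
# Leading bytes expected for the extension an archive member claims to have.
MAGIC = {".jpg": b"\xff\xd8\xff", ".pdf": b"%PDF", ".png": b"\x89PNG"}
# Assumption: the disguised payload is a native executable (PE or ELF).
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")

def inspect_message(raw: bytes) -> list[str]:
    """Return findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw)
    findings = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        findings.append("subject imitates scanner notification")
    for part in msg.walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        if not payload or not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                with zf.open(info) as fh:
                    head = fh.read(8)
                ext = "." + info.filename.rsplit(".", 1)[-1].lower()
                if head.startswith(EXECUTABLE_MAGIC):
                    findings.append(f"{info.filename}: executable header")
                elif ext in MAGIC and not head.startswith(MAGIC[ext]):
                    findings.append(f"{info.filename}: content does not match {ext}")
    return findings

def build_sample() -> bytes:
    """Constructed sample: a zip whose 'scan_0001.jpg' starts with a PE header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scan_0001.jpg", b"MZ\x90\x00constructed-not-a-real-binary")
        zf.writestr("page2.jpg", b"\xff\xd8\xff\xe0constructed-jpeg-header")
    msg = EmailMessage()
    msg["From"] = "scanner@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Scanned from HP"
    msg.set_content("Please find your scan attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="scan.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in inspect_message(build_sample()):
        print(finding)
```

Password-protected archives cannot be read this way and should be treated as a separate finding by the caller.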
(Score: 3, Interesting) by frojack on Wednesday January 03 2018, @05:44AM (8 children)
Apparently there are people who still do.
I see these all the time, invariably in my spam folder, invariably all purporting to come from my own network. I suppose if I worked for a huge organization I might fall for that, but probably not. If I wasn't expecting it from a specific person I don't open it. And, as I say, spamassassin has it marked as spam anyway.
I don't read pdf files on windows any more. Or with Adobe software.
No, you are mistaken. I've always had this sig.
(Score: 1, Insightful) by Anonymous Coward on Wednesday January 03 2018, @09:26AM (1 child)
A campaign like this is successful even if only 1 in 100K people fall for it. It's the same with malvertisement. There's also the chance that people open them by accident due to misclicking and given the trend to butcher UIs into barely useable garbage this will become ever more common.
(Score: 0) by Anonymous Coward on Wednesday January 03 2018, @09:31AM
PS: What surprises me more is that despite executable and script whitelisting being a thing since 2008/2009 on windaz organizations go out of their way to never deploy these measures (despite paying for the versions of the OS that offer them).
(Score: 0) by Anonymous Coward on Wednesday January 03 2018, @01:26PM (1 child)
hey so do you read pdfs on linux with adobe software and on windows without it?
new year means im trying not to be a grammar nazi but i at least can point out poor structure and unclear presentation of thought. dig.
(Score: 2) by frojack on Wednesday January 03 2018, @08:14PM
I would expect better English parsing skills, even from an AC too stupid or lazy to sign in.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Wednesday January 03 2018, @02:01PM
I have seen people open these types of emails in organizations that rely on document management systems. Often the recipients get a steady stream of network scans and are desensitized to unexpected links or attachments.
(Score: 2) by Grishnakh on Wednesday January 03 2018, @04:40PM (2 children)
Anyone who works for a company with a network scanner would, and *should*, open these things. That's how network scanners work. You go to the big-ass printer/scanner/copier down the hall, put your documents on the sheet feeder, press "scan" and tell it to send them to you, and it scans them in, makes a PDF, and emails it to you.
Not using Adobe software is generally inadvisable too. How else are you going to cryptographically sign PDFs your company needs you to sign?
Basically, you're applying your own thinking from your home computers to the way enterprises work, and that doesn't translate.
Personally, I applaud the malware writers for making people suffer for choosing a monoculture and Windows.
(Score: 2) by frojack on Wednesday January 03 2018, @08:33PM
Clue: Adobe does not have the market cornered on cryptographic signatures.
https://www.digitaltrends.com/computing/best-pdf-editors/ [digitaltrends.com]
https://www.pcmag.com/business/directory/electronic-signature [pcmag.com]
I would know if my company had a network scanner and would be able to distinguish between those and obvious fakes from random email addresses. And so would spamassassin.
No, you are mistaken. I've always had this sig.
(Score: 1) by Goghit on Thursday January 04 2018, @02:57PM
This. I had an archiving project at work that involved spending a half hour down the hall feeding batches of paper into the network printer/scanner, then going back to my desk and spending the next half hour renaming files and checking the quality of the scans. If one of these had hit my email queue at the wrong time I would have been toast.