The reason is simple. Most printers aren’t as well protected as PCs and other devices on your network. They’re the weak point in your company’s defensive armor.
The upsurge in this type of attack seems to be focused on Cannon, HP and Epson printers, and works like this:
A printer is compromised and used to send spoofed scanned attachments, usually bearing an innocuous subject line such as “Scanned From HP,” “Scanned from Epson” or “Scanned from Cannon.”
Most employees don’t think twice about opening such attachments because they appear to be from a legitimate source inside the company, which is, of course, exactly what the hackers are counting on.
While any sort of payload can be delivered in this manner, the most common strain found installs a back door on the target PC, allowing the hackers to:
- Monitor behavior and log keystrokes
- Change computer settings
- Copy files
- Access other connected systems
- And more.
In a clear indication that the malware could be used to launch a ransomware style attack, it also gives the hackers the ability to replace the PC’s wallpaper with any file they choose.
Employees should be more mindful about this type of attack and always double check to make sure the sender is valid. Also, it’s important to hover over the links embedded in such emails in order to be sure they’re valid before clicking on them.
If you haven’t been on the receiving end of an attack like this yet, count yourself lucky and stay vigilant.