Malware threats doing the rounds in flatbed scanners

A team of three Israeli security researchers released a proof of concept showing that remote attackers could exploit vulnerabilities in scanners to deliver malware. Using the light sensitivity of the scanner, the researchers devised several methods to deliver data through nearby lasers, to a drone or even a passing car, within an environment that offers a clear line of sight. This could well be the start of ransomware attacks.

Their paper, "Oops!...I think I scanned a malware", explains how attackers can exploit devices such as sheet-fed scanners, integrated scanners, drum scanners and portable scanners, which are mostly used in offices worldwide.

The researchers demonstrated this by using the light in a flatbed scanner to infiltrate air-gapped systems. An air gap is a network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks. The method exposes a loophole: the organization's scanner serves as a gateway to the organization's sensitive information, acting as a tunnel or channel between the attacker and the organization.

"This research highlights that even the process of air-gapping devices does not guarantee that breaches can be prevented," says Michael Patterson, CEO of Plixer. He further added, "Any form of data communication that does not require a physical connection becomes a point of vulnerability."

Organizations need to scrutinize the traffic flow between these air-gapped networks using traffic analysis and behavior analysis tools to gain visibility over the networks. One possible precaution against this malware is to keep the scanner lid closed: when the scanner is closed, light cannot be projected onto the pane and a covert channel cannot be created.

FAQ
Q
What is trojan malware?
A
One of the most common forms of malware -- the Trojan horse -- is a form of malicious software which often disguises itself as a legitimate tool that tricks the user into installing it so it can carry out its malicious goals.
Q
What was the first computer virus?
A
The origin of the first computer virus is hotly debated: For some, the first instance of a computer virus -- software that moves from host to host without the input from an active user -- was Creeper, which first appeared in the early 1970s, 10 years before the actual term 'computer virus' was coined by American computer scientist Professor Leonard M. Adleman.
Q
What is malware?
A
Malware is shorthand for malicious software. It is software developed by cyber attackers with the intention of gaining access or causing damage to a computer or network, often while the victim remains oblivious to the fact there's been a compromise. A common alternative description of malware is 'computer virus' -- although there are big differences between these types of malicious programs.
Q
How to protect the site?
A
Here are some good security practices to protect your website moving forward:
1. Update your software. This includes your CMS (WordPress, Joomla, etc.), plugins, themes, and server software.
2. Use strong passwords. From your administrator login page to FTP users, always choose long, complex, and unique passwords for your website management accounts.
3. Use a Web Application Firewall. A WAF will filter all HTTP/HTTPS traffic between your server and your visitors, blocking known attacks and virtually patching your site even if you forget to update.
Q
What information does malicious code gather?
A
The malicious code gathers information from the visitor, such as:

User Agent
IP Address
Referrer
HTTP Accept-Language