Malware in PDFs – the next big risk for businesses
When it comes to malware, businesses are normally infected through phishing emails or spam. In most cases, the malware infects a device after its user opens a link or downloads a file containing malware.
Cybercriminals rely on this malicious software to exploit devices, services or networks. Malware is typically used to extract data that can be leveraged for financial gain. Over the years, some of the biggest malware included the Petya ransomware, Mirai botnet and Emotet Trojan – all of which wreaked havoc on organizations.
As malware infiltrates organizations mostly through emails, research by Palo Alto Networks indicates that 66% of malware is delivered through PDFs as malicious email attachments. PDFs have been around for some time and according to Duff Johnson, executive director of the PDF Association, trillions of PDF files now exist in the world and billions more are created daily.
PDF files are commonly used in a business environment, and victims are less likely to be wary of an expected file type, compared to an unexpected file type like EXE. They could also simply be unaware that a PDF could be used for nefarious purposes. Viruses, Trojans, and malware have many ways of hiding inside a PDF and often show up in email downloads or attachments like eBooks and other documents. They usually come from unknown or unfamiliar senders.
The Unit 42 Network Threat Trends Research Report, is backed by telemetry from Palo Alto Networks Next-Generation Firewall, Cortex Data Lake, Advanced URL Filtering and Advanced WildFire. The research also stated that the average number of malware attacks experienced per organization in the manufacturing, utilities, and energy industry increased by 238% (between 2021 and 2022).
“Most people are aware of warnings against clicking strange links in emails, so PDF phishing schemes could fly under their radar better than a text-based email with just a plain link,” states Palo Alto Networks. Scammers are exceptionally skilled with social engineering tactics, as phishing emails are usually designed to manipulate a reader’s emotions or tap into their unconscious biases.
Some popular PDF phishing schemes include naming conventions expected in a business context, such as “invoice_AUG_4601582.pdf” or “Updated Salary Evaluation”, which could lure unsuspecting targets into opening these attachments. They might contain a URL link to click or a button that sends victims to a website with a malicious purpose.
In fact, malware in PDFs are becoming such a menacing problem that NASA’s Jet Propulsion Laboratory (JPL) has created the world’s largest open-source archive of PDFs, containing eight million individual files. These will be used by research groups developing tools to detect malware embedded in the file type’s code.
The corpus is one of several tools JPL has created with the PDF Association to help improve online security. Scientists across the world can use the resource to identify privacy vulnerabilities in software or anticipate future cyber threats.
Dealing with malware in PDFs
When it comes to PDFs, no one knows them better than the godfather of PDFs, Adobe. Having developed PDFs more than three decades ago, the company continues to innovate tools for PDFs and is aware of the growing risks of malware in PDFs.
While there are many proactive ways to protect against hacking, Adobe suggests the following three steps to defend against malware in PDFs. They include:
- Recognizing phishing attempts
- Using a trusted PDF reader
- Running regular virus scans