- Phishing emails carrying PDF attachments are increasing, warns the report
- Check the point underlines how pirates love PDF for personalization
- Social engineering attacks using PDFs are also increasing
At least one in five out of five email contains an .pdf attachment, say the researchers, warning that the popular file format is increasingly used in social engineering attacks.
A new report by Check Point Research claims that attacks based on PDF now represent 22% of all malicious attachments, which makes them particularly concerning companies sharing large quantities of these files every day.
In previous years, many attacks were based on JavaScript or other dynamic contents integrated into the files. Although this approach is still observed in nature, it has become less common, because attacks based on JavaScript tend to be “noisy” and easier to detect by safety solutions.
Email is one of the most popular attack vectors, with more than two -thirds (68%) of cyber attacks from this way.
Link customization
Today, cybercriminals rotate towards a simpler and more effective approach, says the control point – social engineering.
In general, attacks do not differ much from your usual phishing email. The PDF attachment would serve as a launch ramp, often bringing a link that would redirect a person to a malicious destination page or a website hosting malicious software.
In this way, malicious links are hidden in safety filters, ensuring that the files are received directly in the reception box.
In addition, the place of link in a PDF gives total control to the attackers – they can modify the text, the image or any other aspect of the link, which makes it more reliable.
The files are often designed to imitate trusted brands like Amazon, Docusign or Acrobat Reader.
“Even if these attacks involve human interaction (the victim must click on the link), this is often an advantage for attackers, because sandboxes and automated detection systems have trouble with tasks that require human decision -making,” said Check Point.
