- PHISHING ELECTRONIC POSTERS THAT TRAN
- Check Point highlights how hackers love PDF for customization
- The social engineering attacks used by PDF are also increasing
At least one in five PHISHING electronic emails entails an attached .pdf file, researchers say, warning that the popular archive format is increasingly being used in social engineering attacks.
A new Check Point Research report states that PDF -based attacks now represent 22% of all malicious email attachments, which makes them particularly worrying for companies that share large amounts of these files every day.
In previous years, many of the attacks were based on JavaScript or other dynamic content that is embedded within the files. While this approach is still seen in nature, it has become less common, since JavaScript -based attacks tend to be “noisy” and easier to detect by safety solutions.
The email remains one of the most popular attack vectors, with more than two thirds (68%) of the cyber attacks that begin in this way.
Customization of the link
Today, cybercriminals are turning towards a simpler and more effective approach, says Check Point: Social Engineering.
In general terms, attacks do not differ much from their usual phishing email. The PDF attached file would serve as a launch platform, often with a link that would redirect a person to a malicious destination page or a website that houses malware.
In this way, malicious links are hidden from safety filters, making sure the files are directly received to the inbox.
In addition, placing the link in a PDF gives the attackers the total control: they can change the text, the image or any other aspect of the link, which makes it more reliable.
Archives are often designed to imitate trusted brands such as Amazon, Docusign or Acrobat Reader.
“Although these attacks involve human interaction (the victim must click on the link), this is often an advantage for attackers, since sandboxes and automated detection systems fight with tasks that require human decision making,” Check Point concluded.
