Beware of seemingly harmless emails with PDF attachments. Recent research by cybersecurity firm Palo Alto Networks reveals that these benign-looking files have become the preferred method for delivering malware via email. This marks a new turn in the evolving threat landscape, in which a familiar and often trusted format is weaponized against unsuspecting users.
These malicious emails often contain PDF files named using typical business conventions, such as “invoice_AUG_4601582.pdf” or “Updated Salary”. The aim is to entice users into opening these attachments, which may contain hidden links or buttons that lead victims to websites with malicious intent. The use of social engineering tactics adds a layer of deception, making the threat difficult to detect and even more successful.
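A defender-side triage of the link and button mechanics described above, written as an added example (it is not code from the article or from Palo Alto Networks): it scans raw PDF bytes for URI link annotations and for keys that auto-execute content when the file opens. The sample PDF, its object layout and its hostnames are constructed for the demonstration.

```python
import re
from typing import Dict, List

# PDF literal strings may contain escaped parentheses, so allow "\)" inside the URI.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Dictionary keys that run code or open a target without a click.
RISKY_KEY_RE = re.compile(rb"/(JavaScript|JS|Launch|OpenAction|AA|SubmitForm)\b")

# Constructed sample: one page, one clickable link annotation, and a
# JavaScript OpenAction that fires as soon as the document is opened.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]\n"
    b"   /A << /S /URI /URI (http://invoice-portal.example/view?id=4601582) >> >> endobj\n"
    b"5 0 obj << /S /JavaScript /JS (app.alert('constructed sample');) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)


def triage_pdf(data: bytes) -> Dict[str, object]:
    """Return the external URIs and risky action keys found in raw PDF bytes.

    Works on uncompressed objects only: real files often hide dictionaries in
    compressed object streams, so a zero-hit scan is not proof the file is clean.
    """
    uris: List[str] = [m.decode("latin-1") for m in URI_RE.findall(data)]
    keys: List[str] = sorted({m.decode() for m in RISKY_KEY_RE.findall(data)})
    return {"uris": uris, "risky_keys": keys, "suspicious": bool(uris or keys)}


if __name__ == "__main__":
    result = triage_pdf(SAMPLE_PDF)
    for uri in result["uris"]:
        print("link target:", uri)
    print("risky keys:", ", ".join(result["risky_keys"]) or "none")
    print("suspicious:", result["suspicious"])
```

Point it at a quarantined attachment (`triage_pdf(open(path, "rb").read())`) to get the link targets and auto-execute keys worth a closer look before anyone clicks.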
While the use of artificial intelligence (AI) in cyberattacks is often speculated about, Palo Alto Networks’ research finds that generative AI has not seen a significant increase in real-world usage by malicious actors. However, there has been an explosion in AI-related scams, with attempts to mimic popular AI products such as ChatGPT growing by over 17,000%. These include squatting domains—website names deliberately designed to resemble popular brands—and the emergence of ‘grayware’, software that falls between normal and malicious, including adware, spyware, and potentially unwanted programs.
The report also sheds light on an alarming trend in the exploitation of vulnerabilities, with a 55% increase compared to 2021. Even Linux—a system renowned for its robust security—is witnessing a rise in malware attacks targeting cloud workload devices, with 90% of public cloud instances running on Linux being affected. This underscores the relentless game of cat and mouse between security researchers and hackers, with the former trying to patch vulnerabilities only for the latter to find and exploit new ones.
Operational Technology (OT) systems—used in critical infrastructure sectors such as energy, transportation, manufacturing, and healthcare—have witnessed a troubling surge in malware attacks. On average, the number of attacks experienced per customer in these industries has increased by 238%. The ramifications of such attacks are severe, given that any disruption to these systems can have catastrophic consequences for public safety, the environment, and the economy.
Cryptomining—a process where users offer their computing power to maintain a cryptocurrency network in exchange for digital coins—has also emerged as a lucrative avenue for threat actors. According to the report, 45% of organizations examined had a signature trigger history related to cryptominer traffic, with such traffic doubling in 2022.
Interestingly, the report indicates that threat actors are more likely to target users visiting adult websites and financial services sites, particularly those with newly registered domains (NRDs). As NRDs typically have weaker cybersecurity infrastructure than well-established websites, they are prime targets for phishing, social engineering, and malware distribution.
Looking ahead, Palo Alto Networks anticipates the spread of malware through vulnerabilities to continue to rise. The complexity of evasive threats is expected to increase, making it crucial for organizations to adopt a holistic view of their security environment. “Organizations must… provide comprehensive oversight of their network and ensure security best practices are followed at every level,” says Sean Duca, VP and Regional Chief Security Officer at Palo Alto Networks.
In summary, the landscape of cybersecurity is constantly evolving. With the rise of PDF-based malware, the weaponization of AI, increased vulnerability exploitation, and the targeting of OT systems and NRDs, organizations must remain ever vigilant. Ensuring that robust, comprehensive cybersecurity strategies are in place is no longer optional but a necessity. While technology and digitization have brought unprecedented convenience and efficiency, they have also opened up new avenues for cyber threats. Hence, keeping abreast of the latest developments and deploying best practices in cybersecurity is imperative for maintaining the integrity of our digital world.
The insidious shift to using seemingly benign files such as PDFs for malware delivery should be a wake-up call for all internet users. Vigilance, education, and a healthy dose of skepticism towards unexpected emails or unfamiliar websites could go a long way towards keeping our digital spaces safe. Let this be a reminder that in the world of cybersecurity, even the most harmless-looking file could be a wolf in sheep’s clothing.