
Check Point report warns: PDFs are the latest cyber weapon of choice.

Posted by TechnoDG 7 day(s) ago.

In a recent report, Check Point Research raised alarms about the increase in cyberattacks that use PDF files as carriers of malicious content. According to the report, email is responsible for 68% of all cyberattacks, and 22% of those involve weaponized PDF attachments, making PDFs one of the most dangerous weapons in the hacker's contemporary arsenal.
With more than 400 billion PDFs opened last year and 87% of global businesses using PDF as a standard format, PDFs have become a favoured attack vector. Furthermore, more sophisticated criminals exploit the intricate structure of the PDF document and users' trust in the format to evade traditional detection methods.

The report states, "The analysis of PDF documents is deceptively easy for users, while it is very complex for security tools for thorough analysis."

The PDF format is defined in a nearly 1,000-page ISO specification, which leaves numerous loopholes, ranging from direct exploitation of the application that reads the PDF to less obvious routes such as social engineering. The most common attacks place links or QR codes leading to those threats behind what looks like a legitimate invoice form or brand logo.

Common methods include links through redirect services such as Google AMP or LinkedIn, which reroute to phishing pages, and QR codes that prompt users to scan them with a phone, bypassing most endpoint security checks completely.

Cybercriminals are now deliberately deploying techniques to bypass antivirus and email security tools:
1. Static analysis avoidance: Cybercriminals encode links in misleading ways so that static scanners misinterpret them.
2. Detection rule evasion: Encryption and filters disguise the PDF so that it avoids raising red flags.
3. Workarounds for machine learning: Cybercriminals place malicious text inside images or as invisible text to confuse AI-powered defense tools.

Check Point cautions that many of these attack campaigns are not detected by traditional security tools, with some not flagged even once on sites for over a year.

The discussion revolves around a representative attack chain:
Legitimate-looking PDF documents containing brand logos are embedded with links to phishing sites or malware downloads.

Check Point offers the following recommendations:
1. Always verify the sender of a PDF document.
2. Avoid clicking on any unexpected links in the PDF or scanning QR codes in it.
3. Use secure PDF viewers and keep them up to date.
4. Disable JavaScript in PDF readers whenever possible.
5. If the PDF contains embedded links, hover over those links to inspect the URLs before clicking on them.
6. Trust your instinct: if the PDF feels suspicious, it is probably suspicious.
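For mail-gateway or analyst triage, the link inspection in recommendation 5 can be automated, and the "filters" evasion described above shows why a scan of the raw file bytes is not enough. The following is an added example, not code from Check Point or from this article: a byte-level triage (not a full PDF parser) that lists link targets before and after inflating Flate-compressed streams. The `REDIRECT_HOSTS` list and the sample document are constructed assumptions.

```python
import re
import zlib
from urllib.parse import urlparse

# Assumption: hosts the analyst chooses to treat as open-redirect services.
REDIRECT_HOSTS = {"www.google.com", "www.linkedin.com"}

URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
RISK_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Encrypt", b"/ObjStm")


def inflate_streams(data: bytes) -> bytes:
    """Return the raw bytes plus every stream that zlib can inflate."""
    parts = [data]
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes left after the stream data
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate, or encrypted: needs a full parser
    return b"\n".join(parts)


def triage(data: bytes) -> dict:
    """List link targets and risky keys, comparing raw bytes with inflated content."""
    raw_uris = {u.decode("latin-1") for u in URI_RE.findall(data)}
    full = inflate_streams(data)
    all_uris = {u.decode("latin-1") for u in URI_RE.findall(full)}
    return {
        "uris": sorted(all_uris),
        "hidden_uris": sorted(all_uris - raw_uris),  # invisible to a raw-byte scan
        "redirects": sorted(u for u in all_uris if urlparse(u).hostname in REDIRECT_HOSTS),
        "keys": sorted(k.decode() for k in RISK_KEYS if k in full),
    }


def sample_pdf() -> bytes:
    """Constructed fragment: one plain link, one link inside a Flate object stream."""
    hidden = zlib.compress(b"<< /S /URI /URI (https://www.google.com/amp/s/login.example.test/) >>")
    return (b"%PDF-1.7\n1 0 obj\n<< /A << /S /URI /URI (https://example.com/invoice) >> >>\nendobj\n"
            b"2 0 obj\n<< /Type /ObjStm /Filter /FlateDecode /Length " + str(len(hidden)).encode()
            + b" >>\nstream\n" + hidden + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    for key, value in triage(sample_pdf()).items():
        print(key, value)
```

A non-empty `hidden_uris` means a link only became visible after decompression, which is worth a closer look on its own. Encrypted documents and other filters are not decoded here and should be routed to a full parser or sandbox.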

 

 
