If you receive an email with a PDF attachment, you might want to think twice before opening it. According to a new report by Palo Alto Networks, the global cybersecurity leader, PDF files are the most common way of delivering malware to unsuspecting victims.
The report, titled Unit 42 Network Threat Trends Research Report Vol. 2, describes current trends in malware and the methods cybercriminals use to infect computers and networks. The report is based on global telemetry data collected from Palo Alto Networks’ products and services.
The report shows that 66.6% of all malware is delivered through PDF files attached to malicious emails. PDF files are widely used in business settings, and many people do not realize that they can contain harmful links or buttons that can redirect them to malicious websites.
Cybercriminals use social engineering techniques to trick people into opening these attachments. They use names like invoice_AUG_4601582.pdf or Updated Salary Evaluation that sound legitimate and relevant to the recipients. Once the victims open the attachments, they are exposed to malware that can steal their data, encrypt their files, or hijack their devices.
This trend is especially alarming for countries like the Philippines, where phishing is one of the most prevalent scams. Filipinos need to be aware of these tactics and avoid opening suspicious attachments or clicking on unknown links.
“Today’s threat actors are like shape-shifting masters, continuously adapting their tactics to slip through the cracks of our interconnected network. With a cunning blend of evasion tools and camouflage methods, the bad actors have weaponized the threats,” says Steven Scheurmann, Regional Vice President, ASEAN at Palo Alto Networks. “They have become adept at exploiting vulnerabilities, and by the time security researchers and software vendors close the door on one vulnerability, cybercriminals have already found the next door to creak open. Organizations must, therefore, simultaneously guard against malware designed to exploit older vulnerabilities while proactively staying ahead of sophisticated new attacks.”
The report also highlights other key findings, such as:
- The number of attacks that exploit vulnerabilities has increased by 55% compared to 2021.
- Linux malware is on the rise, targeting cloud workload devices; an estimated 90% of public cloud instances run on Linux. The most common types of threats against Linux systems are botnets (47%), coinminers (21%), and backdoors (11%).
- ChatGPT scams: Unit 42 saw a 910% increase in monthly registrations for domains, both benign and malicious, related to ChatGPT.
- Cryptominer traffic doubled in 2022.
- Newly Registered Domains: Threat actors were more likely to use newly registered domains (NRDs) to target people visiting adult (20.2%) and financial services (13.9%) websites.
- Malware aimed at industries using operational technology (OT) is increasing: The average number of malware attacks experienced per organization in the manufacturing, utilities, and energy industries increased by 238% (between 2021 and 2022).
“As millions of people use ChatGPT, it’s unsurprising that we see ChatGPT-related scams, which have exploded over the past year, as cybercriminals take advantage of the hype around AI. But, the trusty email PDF is still the most common way cybercriminals deliver malware,” says Sean Duca, VP and Regional Chief Security Officer at Palo Alto Networks. “Cybercriminals, no doubt, are looking at how they can leverage it for their nefarious activities, but for now, simple social engineering will do just fine at tricking potential victims. Organizations must therefore take a holistic view of their security environment to provide comprehensive oversight of their network and ensure security best practices are followed at every level of the organization.”
The Unit 42 Network Threat Trends Research Report Vol. 2 is available for download here: https://unit42.paloaltonetworks.com/network-threat-trends-vol-2/.