PDF: The vehicle of choice for malware and fraud

There has been a substantial increase in fraudulent PDF files, according to a report by SonicWall Capture Labs threat researchers.


This fraud campaign takes advantage of recipients’ trust in PDF files as a “safe” file format that is widely used and relied upon for business operations.

“Increasingly, email, Office documents and now PDFs are the vehicle of choice for malware and fraud in the cyber landscape,” said SonicWall President and CEO Bill Conner.

“In all of last year, our Capture ATP sandbox discovered more than 47,000 new attack variants in PDF files. This year, we’ve already seen that number rise significantly with over 73,000 PDF-based attacks discovered in March alone.”

Last year, SonicWall Real-Time Deep Memory Inspection (RTDMI) identified over 74,000 never-before-seen attacks, a number that has already been surpassed in the first quarter of 2019 with more than 173,000 new variants detected. In March, RTDMI identified over 83,000 malicious events, of which over 67,000 were PDFs linked to scammers and more than 5,500 were PDFs with direct links to other malware.

Targets of the phishing-style PDF scam campaigns typically receive malicious documents from “businesses” that lure victims with attached PDF files. The files look deceptively realistic and contain misleading links to fraudulent pages. The business offer within the PDF attachment is enticing to recipients, as it promises to be free and profitable with just the click of a link.

Most traditional security controls cannot identify and mitigate links to scams or malware hidden in PDF files, greatly increasing the success of the payload. This increase implies a growing, widespread and effective strategy against small- and medium-sized businesses, enterprises and government agencies.