Sent as an attachment to emails, portable document format (PDF) files are now utilized to deliver malware to end users devices, this is according to the latest data from Palo Alto Networks Unit 42 Research.

Palo Alto Networks’ research found that 66.6% of total malware is delivered through PDF files. Organizations sometimes prefer converting their files to uneditable PDF files especially if used as a business document. This makes it even more difficult for recipients to determine if the files contain malware, which makes it much easier for criminals to use them as carriers.

“Today’s threat actors are like shape-shifting masters, continuously adapting their tactics to slip through the cracks of our interconnected network. With a cunning blend of evasion tools and camouflage methods, the bad actors have weaponized the threats,” says Steven Scheurmann, regional vice president for ASEAN at Palo Alto Networks. 

Palo Alto Networks bolsters SaaS applications security
Ransomware attacks in PH surge by 60% 

The focus these days are on website links that have become the most notorious way used by cybercriminals for phishing. 

Palo Alto Networks explained that the attachments themselves might contain a URL link to click, or a button that sends victims to a website with a malicious purpose.

Phishing in the Philippine shores

In countries like the Philippines where phishing is one of the most prevalent scams, this trend emphasizes that Filipinos have to be familiar with social engineering tactics as these play a crucial role in making an attack successful. 

“Threat actors have become adept at exploiting vulnerabilities, and by the time security researchers and software vendors close the door on one vulnerability, cybercriminals have already found the next door to creak open,” Scheurmann said.

Also based on the same research, Unit 42 also found a 910% increase in monthly registrations for domains, both benign and malicious, related to ChatGPT.

“As millions of people use ChatGPT, it’s unsurprising that we see ChatGPT-related scams, which have exploded over the past year, as cybercriminals take advantage of the hype around AI,” said Sean Duca, VP and regional chief security officer at Palo Alto Networks.