Cybercriminals have been using social media profiles of potential victims in crafting what types of social engineering to employ, according to the latest report from cybersecurity solutions company Palo Alto Networks.

Phishing remains to be the most popular form of social engineering used by attackers 40% of the time. Clueless victims will be easily swayed by the sense of urgency in messages sent by cybercriminals.

In the recent phishing attacks against users of an e-wallet in the Philippines, investigations showed that victims had clicked on links meant to obtain their personal information. 

Palo Alto Networks: Cybercriminals spread malware via PDF files
Ransomware attacks in PH surge by 60% — Palo Alto Networks

Palo Alto Network’s Unit 42 Network Threat Trends Research Report found that 66% of malware is delivered through PDFs. This document format is often used in businesses and other corporate environments.

Increase in ransomware

“Alongside using social media for intelligence gathering and dissemination, cybercriminals also share malicious links on social media directly,” Palo Alto Network said in a media release. “These links, harboring anything from viruses, trojans, spyware, and ransomware, help hackers access devices and networks to steal data and take control of systems.”

Of these formats, ransomware is seeing alarming growth. Philippine organizations were found by Unit 42’s Ransomware and Extortion Report to be severely affected by ransomware, with attacks surging to around 60% in 2022.

AI and deepfakes

According to the cybersecurity solutions company, threat actors can exploit artificial intelligence (AI) and deepfakes to carry out attacks. From identity theft to catfishing, cybercriminals use social media to capture information and content from unsuspecting victims, assume their identities, and commit fraudulent activity. 

“But the breadth of ways impersonations or fake identities are being used in the security space is growing,” the company said. “As technological advancements improve the quality, customizability, and accessibility of AI-enabled content creation, malicious actors are using this technology to exploit images and videos — often taken from social media platforms — and manipulate them into content that can be used for extortion, harassment, misinformation, and reputational damage.”

At this stage, it is still difficult to spot deepfakes making it even more dangerous for social media users, especially for those who rarely double-check their sources.

Generative AI

As public interest in generative AI grows, malicious actors also use this to their advantage, with ChatGPT-themed lures increasingly being used to spread malware across platforms like Facebook, Instagram, and WhatsApp. 

“Earlier this year, Meta’s security teams uncovered 10 malware families using ChatGPT (and similar themes) to deliver malicious software to users’ devices,” Palo Alto Networks said. “In one instance, cybercriminals created malicious browser extensions available in official web stores that claim to offer ChatGPT-based tools, which were then promoted on social media and through sponsored search results to trick people into downloading malware.” 

Palo Alto Networks advises organizations to embed cybersecurity education within the workplace curriculum and regularly testing the effectiveness of that training is crucial. Many companies incorporate measures like rewarding employees that spot phishing attempts and report them to the security operations team, and they see the value these practices can have for promoting cybersafety.