Two-thirds of total malware is now delivered through PDF files: Study

Portable document format (PDF) files, sent as attachment to emails, are now increasingly being used to deliver malware as email attachments, according to a new research report. While this kind of cyber threat is not new, the report published on Thursday by cyber security firm Palo Alto Networks Unit 42 Research, found that 66.6% of total malware is now delivered through PDF files.

The research further said that organisations sometimes prefer converting their files to uneditable PDF files especially if used as a business document. This makes it even more difficult for recipients to determine if the files contain malware, and therefore it becomes easier for cybercriminals to use them as carriers.

“Threat actors are constantly evolving their techniques, employing evasion tools and camouflage methods to bypass detection. Organisations must guard against malware designed to exploit older vulnerabilities while proactively staying ahead of sophisticated new attacks,” said Anil Valluri, Regional Vice President, India & SAARC at Palo Alto Networks.

While PDFs are the most popular file type for delivering malware, the research further shows that exploitation of vulnerabilities overall has increased by 55% in 2022, compared to the previous year.

The study shows that Linux malware is on the rise too, targeting cloud workload devices; an estimated 90% of public cloud instances run on Linux. The most common types of threats against the Linux systems are found to be botnets (47%), coinminers (21%), and backdoors (11%).

In another report released in April, the research firm showed that between November 2022 and early April 2023, a 910% increase was noticed in monthly registrations for domains related to ChatGPT. The researchers also saw up to 118 daily detections of ChatGPT-related malicious URLs captured from the traffic seen in its advanced URL filtering system.

Tech major Meta has also said last month that it has uncovered around ten new malware variants that leverage AI chatbot tools, such as OpenAI's widely used ChatGPT, to gain access to user accounts. According to Meta's Q1 security report, malware operators and spammers are strategically targeting popular topics and trends to capture the attention of unsuspecting individuals.

“As millions of people use ChatGPT, it's unsurprising that we see ChatGPT-related scams, which have exploded over the past year, as cybercriminals take advantage of the hype around AI. But, the trusty email PDF is still the most common way cybercriminals deliver malware," said Sean Duca, VP, and Regional Chief Security Officer at Palo Alto Networks.

Palo Alto research further showed that threat actors were found more likely to target people visiting adult websites (20.2%) and financial services (13.9%) sites with newly registered domains. The study also found that the average number of malware attacks experienced per organisation in the manufacturing, utilities, and energy industry increased by 238% over the last 24 months.

To be sure, a research report by cyber security firm Sonicwall published in February saw the total volume of malware attacks went up significantly in 2022, after three years of decline. The report also showed that there was an 87% increase in the internet of things (IoT) malware. Cryptojacking, which is an attack that involves hijacking computer resources to mine cryptocurrency, saw a 43% rise and retail and financial industries were majorly affected, seeing 280% and 352% increases, respectively.