Two-thirds of email malware delivered via PDF


By Dylan Bushell-Embling
Friday, 09 June, 2023

Two-thirds of malware sent over email is being delivered through PDFs, according to a new report published by Palo Alto Networks’ Unit 42.

The report found that PDFs are now the most popular file type for delivering malware via email, as cybercriminals exploit both known vulnerabilities and undisclosed ones that are yet to be patched to widen their reach.

According to the report, there has been a 55% increase in vulnerability exploitation attempts per customer compared to 2021.

With all the attention being paid to ChatGPT, there has meanwhile been a 910% increase in monthly registrations for domains, both benign and malicious, related to ChatGPT.

Likewise, cryptominer traffic doubled in 2022, while threat actors are increasingly using newly registered domains for phishing, social engineering and spreading malware.

Attackers are meanwhile seeking new opportunities to attack victims using cloud workloads and IoT devices running on Linux-based operating systems. The most common types of threats against Linux systems are: botnets (47%), coinminers (21%) and backdoors (11%).

Another major trend involves the increasing use of encrypted malware traffic. Unit 42 estimates that 2.91% of malware traffic is already SSL encrypted, and the number of malware families using encrypted traffic to blend in with benign network traffic is only expected to grow.

Palo Alto Networks Regional VP for ANZ Steve Manley said attackers are constantly evolving their techniques to stay ahead of attempts to curtail their activities.

“Threat actors are ... adopting multivector attacks that aim to bypass detection by employing various evasion tools and camouflage methods,” he said.

“They have become adept at exploiting vulnerabilities, and by the time security researchers and software vendors close the door on one vulnerability, cybercriminals have already found the next door to creak open. Organisations must, therefore, simultaneously guard against malware designed to exploit older vulnerabilities while proactively staying ahead of sophisticated new attacks.”

Image credit: iStock.com/Just_Super
