Nearly 41 million PDFs scanned in the last three months were part of an attack, according to Barracuda Networks.
- PDF files are the most likely to be weaponized and transmitted through attack surfaced, because they are easily created and transmitted. — Barracuda Networks, 2018
- Nearly 41 million PDFs scanned in the last three months were part of an attack. — Barracuda Networks, 2018
Businesses beware: That PDF you're about to open may be part of a targeted cyberattack that will compromise your system.
PDF files are the most likely of any other file type to be weaponized, according to a Thursday report from security firm Barracuda Networks. In the last three months, nearly 41 million PDFs scanned were part of an attack, often containing links to malicious sites and active scripts, the report found.
PDFs are especially susceptible to malicious activity because they are easy to construct and transmit, the report noted. Business users and consumers alike must be extremely cautious when opening any PDF attachment in an email or on a website, even when it appears to come from a trusted source. Security professionals should also ensure that employee cybersecurity training is in place at their organization to decrease the likelihood of someone accidentally opening a malicious file or link on a work machine.
"Organizations often become aware of vicious cyberattacks after the damage has already been done," Fleming Shi, senior vice president of technology at Barracuda Networks, said in a press release.
Compressed files are another increasingly popular way for criminals to transmit hidden attacks, and hide non-malware infections like PowerShell scripts. One example of this took place in September 2017, when Barracuda detected a massive ransomware campaign with more than 27 million emails reaching customers in less than a day.
Information leaked in the Equifax breach and other major cyberattacks that resulted in the loss of personally identifiable information (PII) for millions of people will also likely increase both mass phishing and spear phishing attacks in the coming year, the report noted, so businesses and consumers should be vigilant in their efforts to combat these threats.