PDFs: Still be wary

Phishing is no different than other attack methodologies. These evolve over time. Initially the attack may be a bit unsophisticated and rough. These attacks tend to work for a bit, until a defense is put in place. At this point, the attack improves its operations or mode of attack, much like a business would improve its operations if the need presented itself.

Phishing has exhibited this trait as well. Phishing began, and to an extent, continues to consist of emails, a portion still poorly written with grammar and spelling errors. This has been increasingly filtered from the users via improved detection techniques. To improve on their return on investment (ROI), the attackers have adjusted the email mode of transmitting the malicious message. In prior attempts of infection, the message would include a link to a website or attached file, both with the intent of spreading some form of malware. The latest nuance still involves the email as the mode, however there is a new twist. The email has a PDF email attachment. This is presented as being from a legitimate company. This may have noted the claim of a job, refund, or other enticement. The attacker’s hook, however, is the PDF directing the person to enter their credentials to retrieve the information in the attachment. Another message noted has been for the PDF to provide a link allegedly to Dropbox, where the information is also located.

This will not be the last iteration of phishing evolving to better suit the attacker. This provides another example of the flexibility of those who would attack and attempt to compromise the enterprise for the industries. The CTO, CISO, and others need to maintain a vigilance and research into new forms of attacks.

Resource

Vatu, G. (2017, January 27). Watch out for phishing technique involving PDF files. Retrieved from http://news.softpedia.com/news/watch-out-for-phishing-technique-involving-pdf-files-512310.shtml

About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.