The PDF format, created by Adobe in 1993, is one of the most used document formats in the world.
By some estimates, more than 2 billion PDFs are opened each year in Microsoft Outlook alone.
But is this format safe? Can hackers exploit it to compromise your endpoint? And what protection measures can a company enact?
Here is a brief overview of the question.
The PDF format (Portable Document Format) has some characteristics that contribute to its security when compared, for example, with Word documents or ISO files…
Based on these factors, it has been easier for hackers to hide their malware in other types of files than in PDFs.
But that does not mean (at all) that the PDF you just received is necessarily safe!
A PDF can be used as an attack vector, and several techniques are available to attackers for this.
PDFs can contain scripts that provide a minimum of user interaction and editing (for example, filling in form fields, signing a document, or interacting with buttons such as “print”).
These scripts are normally edited with tools such as Adobe Acrobat Pro and are then executed by the PDF reader. But attackers can also inject their own code into these PDF files.
A PDF with multimedia content can present a risk: video or audio files can be corrupted and used to hide malicious code.
Objects such as Word or Excel files embedded within a PDF can also carry malware. For example, opening a PDF can lead to an embedded Word file being opened and malware (such as a loader) being deployed if macros are enabled.
Finally, there is an even simpler technique for turning a PDF into an intermediary in the compromise of an endpoint: social engineering.
The attackers’ goal here is to convince the user to click the links in the PDF file. This can be achieved by leveraging psychological tricks (curiosity, fear, authority, personal gain…).
The links can redirect the users towards malicious sites that will harvest their credentials (fake login page) or trick them into downloading malware (drive-by-download)…
Nothing can completely protect a company from attacks that use a given type of file (especially one handled many times a day), but some measures can be taken to mitigate the risk.
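One such measure is static triage of incoming PDFs before they reach a reader. The following Python script is an added example (not code from the original article): it looks for the PDF dictionary keys behind the risk areas described above (scripts, actions that run on open, embedded files, rich media, links), decodes hex-escaped names that would otherwise hide a match, and returns a coarse verdict. The sample PDF bytes are constructed for this example.

```python
import re
from collections import Counter

# PDF dictionary keys worth a second look, grouped by the risk areas the article
# describes: scripts, auto-run actions, embedded objects, multimedia and links.
SUSPICIOUS_KEYS = {
    "/JavaScript": "script",
    "/JS": "script",
    "/OpenAction": "auto-run",   # action executed when the document is opened
    "/AA": "auto-run",           # additional actions (page open, form events)
    "/Launch": "auto-run",       # action that starts an external program
    "/EmbeddedFile": "embedded", # attached file, e.g. a macro-enabled Word document
    "/RichMedia": "multimedia",
    "/URI": "link",
}

_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes in PDF names so that /J#61vaScript is seen as /JavaScript."""
    return _NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)

def scan_pdf(data: bytes) -> dict:
    """Count suspicious features per category and return a coarse triage verdict."""
    if not data.startswith(b"%PDF-"):
        raise ValueError("not a PDF: missing %PDF- header")
    text = normalize_names(data)
    counts = Counter()
    for key, category in SUSPICIOUS_KEYS.items():
        # A name ends at whitespace or a delimiter, so /JS must not match /JSX.
        pattern = re.escape(key.encode()) + rb"(?![A-Za-z0-9])"
        hits = len(re.findall(pattern, text))
        if hits:
            counts[category] += hits
    auto_script = "script" in counts and "auto-run" in counts
    verdict = "review" if auto_script or "embedded" in counts else "low"
    return {"counts": dict(counts), "verdict": verdict}

# Constructed sample (not a real-world file): a minimal PDF whose catalog runs a
# script on open, with the action name partly hex-escaped as a simple evasion.
SAMPLE_PDF = rb"""%PDF-1.7
1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj
3 0 obj << /S /J#61vaScript /JS (app.alert\(1\)) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    print(scan_pdf(SAMPLE_PDF))  # {'counts': {'script': 2, 'auto-run': 1}, 'verdict': 'review'}
```

A hit is a reason to inspect, not proof of malice: legitimate forms use scripts and links too, which is why the verdict only escalates when a script is paired with an auto-run action or a file is embedded.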