The PDF format, created by Adobe in 1993, is one of the most used document formats in the world.
By certain estimates, there are more than 2 billion PDFs opened each year in Microsoft Outlook only.
But is this format safe? Can hackers exploit it to compromise your endpoint? And what protection measures can a company enact?
Here’s a little overview of the question.
The PDF format (for Portable Document File) has some characteristics that contribute to its security, when compared for example with Word documents or ISO files…
Based on these factors, it has been easier for hackers to hide their malware in other types of files than in PDFs.
But that doesn’t mean (at all) that the PDF you just received is necessarily safe !
A PDF can be used as an attack vector for hackers. In order to do this, some techniques are available to them.
PDFs can have scripts in order to provide for a minimum of user interaction and edition (like for example filling in fields or signing a document or to enable interaction with buttons like “print”).
These scripts can be edited in a normal fashion (via tools like Adobe Acrobat Pro) and can then be executed by the PDF readers. But hackers can also inject their own commands in these PDF files.
A PDF with multimedia content can present a risk: videos or audio files can be corrupted and used to mask malicious code.
Objects like Word or Excel files that are integrated within a PDF can also contain malware. For example, opening a PDF can lead to a Word file being opened and the deployment of malware (like a loader) if macros are activated
Finally, there is an even simpler technique to turn a PDF into an intermediary in the compromission of an endpoint: social engineering.
The hackers’ goal here is to convince the user to click on the links that are in the PDF file. This can be achieved by leveraging certain psychological tricks (curiosity, fear, authority, personal gain…).
The links can redirect the users towards malicious sites that will harvest their credentials (fake login page) or trick them into downloading malware (drive-by-download)…
Nothing can completely secure a company from attacks using a certain type of file (especially when the format is used multiple times on a daily basis) but some measures can be taken to mitigate this risk.
Anti-spams are great! But hackers have elvoved to counter them and developed techniques to bypass them and successfully execute phishing campaigns.
What is OSINT (Open Source INtelligence) and how do hackers use it for their phishing attacks?