Check Point warns of PDF malware surge – CyberTalk

EXECUTIVE SUMMARY:

In a startling discovery, Check Point Research has found that nearly 70% of all file-based email attacks worldwide now leverage malicious PDFs. This figure represents a 20% increase, year-over-year.

One out of every 246 email attachments is malicious.

Such a sharp year-over-year spike indicates that cyber criminals perceive PDFs as an effective malware delivery mechanism — one which they will continue to employ until relevant threat prevention tools see widespread adoption.

PDF attacks

As Check Point security engineer Rudi van Rooyen explains it, PDF-based attacks exploit vulnerabilities in traditional, signature-based security scanners. Cyber criminals embed hidden content in PDFs and the content effectively bypasses security checks.

The healthcare industry has been particularly hard-hit by PDF-based threats and, given the operational damage that could occur and the lives that could be affected, the need for effective countermeasures is readily apparent.

AI-powered protection

To address this issue, Check Point has launched an AI-powered engine called Deep PDF. It utilizes deep learning algorithms to review all PDF content components.

Deep PDF examines:

  • The internal structure of PDFs
  • Embedded images and their placement
  • Embedded URLs and their context within the document
  • Raw content within the PDF

According to Van Rooyen, Deep PDF technology is a component of Check Point’s ThreatCloud AI. It’s available to all Check Point customers, from small businesses to multi-national companies that leverage the complete security platform.

To analyze malicious PDFs, Check Point’s ThreatCloud AI not only utilizes the Deep PDF tool, but also deploys over 300 machine learning features to conduct a comprehensive analysis of a given email attachment and its payload.

Call to action for security leaders

The sharp spike in PDF-based malware indicates that security leaders need to take action. Email security that relies on signature-based defense is no longer good enough.

To stay ahead of attachment-focused adversaries, organizations need to proactively embrace AI/ML-driven threat prevention.

Partner with industry-leading security providers, like Check Point, to obtain cutting-edge technologies that can effectively detect and prevent the most sophisticated of malware-based attacks.

Key takeaways for security leaders

  • Leverage AI-powered technologies, like Deep PDF, to enhance your organization’s cyber security posture.
  • Implement regular cyber security awareness programs for employees. Discuss PDF-based attacks, how to approach a potentially malicious PDF, and how to proceed if a suspect file is accidentally downloaded or opened.
  • Ensure that your organization maintains a comprehensive incident response plan. Detail procedures for containing and mitigating cyber security incidents. Regularly test and evolve the plan to reflect new threats, like PDF-based malware.
  • Collaborate across your sector and with security providers, as partnerships can provide stabilizing resources and support.

For technical information concerning PDF-based threats, please visit the Check Point Research website. For more malware-related insights, please see CyberTalk.org’s past coverage.
