
66% of Malware is Delivered Through PDFs

Palo Alto Networks, the global cybersecurity leader, published Volume 2 of its Unit 42 Network Threat Trends Research Report. The report analysed global telemetry from Palo Alto Networks’ Next-Generation Firewall (NGFW), Cortex Data Lake, Advanced URL Filtering and Advanced WildFire, identifying malware threat trends and providing analysis of the most significant and prevalent malware seen in the wild.

With the rate of vulnerability exploitation showing no sign of slowing down (up from 147,000 attempts in 2021 to 228,000 in 2022), threat actors are exploiting both vulnerabilities that are already disclosed and ones that are not yet disclosed. The report also covers remote code execution (RCE), email-borne threats, compromised websites, newly registered domains (NRDs), ChatGPT/AI scams and cryptominer traffic.

“Today’s threat actors are like shape-shifting masters, continuously adapting their tactics to slip through the cracks of our interconnected network. With a cunning blend of evasion tools and camouflage methods, the bad actors have weaponized the threats,” says Steven Scheurmann, Regional Vice President, ASEAN at Palo Alto Networks. “They have become adept at exploiting vulnerabilities, and by the time security researchers and software vendors close the door on one vulnerability, cybercriminals have already found the next door to creak open. Organisations must, therefore, simultaneously guard against malware designed to exploit older vulnerabilities while proactively staying ahead of sophisticated new attacks.”

Some of the key findings from the report include:

  • Exploitation of vulnerabilities has increased. There was a 55% increase in vulnerability exploitation attempts, per customer, on average, compared to 2021.
  • PDFs are the most popular file type for delivering malware: PDFs are the primary malicious email attachment type, being used 66% of the time to deliver malware via email.
  • ChatGPT scams: Between November 2022 and April 2023, Unit 42 saw a 910% increase in monthly registrations for domains, both benign and malicious, related to ChatGPT, in an attempt to mimic ChatGPT.
  • Malware aimed at industries using OT technology is increasing: The average number of malware attacks experienced per organisation in the manufacturing, utilities and energy industry increased by 238% (between 2021 and 2022).
  • Linux malware is on the rise, targeting cloud workload devices. An estimated 90% of public cloud instances run on Linux. Attackers seek new opportunities in cloud workloads and IoT devices running on Unix-like operating systems. The most common types of threats against Linux systems are: botnets (47%), coinminers (21%) and backdoors (11%).
  • Cryptominer traffic is on the rise: Doubling in 2022, cryptomining continues to be an area of interest to threat actors, with 45% of sampled organisations having a signature trigger history that contains cryptominer-related traffic.
  • Newly Registered Domains: To avoid detection, threat actors use newly registered domains (NRDs) for phishing, social engineering and spreading malware. Threat actors are more likely to target people visiting adult websites (20.2%) and financial services (13.9%) sites with NRDs.
  • Evasive Threats will Continue to Become Increasingly Complex: While attackers’ continued use of old vulnerabilities shows that they will reuse code as long as it proves lucrative, there comes a point where creating newer, more complex attack techniques is necessary. When basic evasions became popular and security vendors started detecting them, attackers responded by moving toward more advanced techniques.
  • Encrypted Malware in Traffic will Keep Increasing: 12.91% of malware traffic is already SSL encrypted. As threat actors adopt more tactics that mimic those of legitimate businesses, the number of malware families using SSL-encrypted traffic to blend in with benign network traffic is expected to continue growing.

“As millions of people use ChatGPT, it’s unsurprising that we see ChatGPT-related scams, which have exploded over the past year, as cybercriminals take advantage of the hype around AI. But, the trusty email PDF is still the most common way cybercriminals deliver malware,” says Sean Duca, VP and Regional Chief Security Officer at Palo Alto Networks. “Cybercriminals, no doubt, are looking at how they can leverage it for their nefarious activities, but for now, simple social engineering will do just fine at tricking potential victims. Organisations must therefore take a holistic view of their security environment to provide comprehensive oversight of their network and ensure security best practices are followed at every level of the organisation.”

Download a copy of the “Unit 42 Network Threat Trends Research Report, Volume 2”.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.
