66% of Malware is Delivered Through PDFs, New Report from Palo Alto Networks Unit 42 Finds
Posted: Tuesday, Jun 06

i 3 Table of Contents

66% of Malware is Delivered Through PDFs, New Report from Palo Alto Networks Unit 42 Finds
From KBI

Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, today published Volume 2 of its Unit 42 Network Threat Trends Research Report. The report analysed global telemetry from Palo Alto Networks’ Next-Generation Firewall (NGFW)Cortex Data LakeAdvanced URL Filtering and Advanced WildFire, identifying malware threat trends and providing analysis of the most significant and prevalent malware trends in the wild.

With the rate of vulnerability exploitation showing no sign of slowing down — up from 147,000 attempts in 2021 to 228,000 in 2022 – threat actors are exploiting both vulnerabilities that are already disclosed and ones that are not yet disclosed, including remote code execution (RCE), emails, compromised websites, newly registered domains (NRDs), ChatGPT/AI scams and cryptominer traffic.

“Threat actors are constantly evolving their techniques, adopting multivector attacks that aim to bypass detection by employing various evasion tools and camouflage methods,” says Steve Manley, Regional Vice President ANZ at Palo Alto Networks. “They have become adept at exploiting vulnerabilities, and by the time security researchers and software vendors close the door on one vulnerability, cybercriminals have already found the next door to creak open. Organisations must, therefore, simultaneously guard against malware designed to exploit older vulnerabilities while proactively staying ahead of sophisticated new attacks.”

Some of the key findings from the report include:

  • Exploitation of vulnerabilities has increased. There was a 55% increase in vulnerability exploitation attempts, per customer, on average, compared to 2021.
  • PDFs are the most popular file type for delivering malware: PDFs are the primary malicious email attachment type, being used 66% of the time to deliver malware via email.
  • ChatGPT scamsBetween November 2022-April 2023, Unit 42 saw a 910% increase in monthly registrations for domains, both benign and malicious, related to ChatGPT, in an attempt to mimic ChatGPT.
  • Malware aimed at industries using OT technology is increasing: The average number of malware attacks experienced per organisation in the manufacturing, utilities and energy industry increased by 238% (between 2021 and 2022).
  • Linux malware is on the rise, targeting cloud workload devices. An estimated 90% of public cloud instances run on Linux. Attackers seek new opportunities in cloud workloads and IoT devices running on Unix-like operating systems. The most common types of threats against Linux systems are: botnets (47%), coinminers (21%) and backdoors (11%).
  • Cryptominer traffic is on the rise: Doubling in 2022, cryptomining continues to be an area of interest to threat actors, with 45% of sampled organisations having a signature trigger history that contains cryptominer-related traffic.
  • Newly Registered Domains: To avoid detection, threat actors use newly registered domains (NRDs) for phishing, social engineering and spreading malware. Threat actors are more likely to target people visiting adult websites (20.2%) and financial services (13.9%) sites with NRDs.
  • Evasive Threats will Continue to Become Increasingly Complex: While attackers’ continued use of old vulnerabilities shows that they will reuse code as long as it proves lucrative, there comes a point where creating newer, more complex attack techniques is necessary. When basic evasions became popular and security vendors started detecting them, attackers responded by moving toward more advanced techniques.
  • Encrypted Malware in Traffic will Keep Increasing. 12.91% of malware traffic is already SSL encrypted. As threat actors adopt more tactics that mimic those of legitimate businesses, it’s expected malware families using SSL-encrypted traffic to blend in with benign network traffic will continue growing.

“As millions of people use ChatGPT, it’s unsurprising that we see ChatGPT-related scams, which have exploded over the past year, as cybercriminals take advantage of the hype around AI. But the trusty email PDF is still the most common way cybercriminals deliver malware,” says Sean Duca, VP and Regional Chief Security Officer at Palo Alto Networks. “Cybercriminals, no doubt, are looking at how they can leverage it for their nefarious activities, but for now, simple social engineering will do just fine at tricking potential victims. Organisations must therefore take a holistic view of their security environment to provide comprehensive oversight of their network and ensure security best practices are followed at every level of the organisation.”

Download a copy of the “Unit 42 Network Threat Trends Research Report, Volume 2

Additional Resources

About Unit 42

Palo Alto Networks Unit 42 brings together world-renowned threat researchers, elite incident responders, and expert security consultants to create an intelligence-driven, response-ready organisation that’s passionate about helping you proactively manage cyber risk. Together, our team serves as your trusted advisor to help assess and test your security controls against the right threats, transform your security strategy with a threat-informed approach and respond to incidents in record time so that you get back to business faster. Visit paloaltonetworks.com/unit42.


About Palo Alto Networks

Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyberthreats, so organisations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.

At Palo Alto Networks, we’re committed to bringing together the very best people in service of our mission, so we’re also proud to be the cybersecurity workplace of choice, recognised among Newsweek’s Most Loved Workplaces (2021), Comparably Best Companies for Diversity (2021), and HRC Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.

Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners. Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other press releases or public statements are not currently available (or are not yet generally available to customers) and may not be delivered when expected or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available.

The Production Team
The KBI Production Team is a staff of specialist technology professionals with a detailed understanding across much of cybersecurity and emerging technology. With many decades of collective industry experience, as well as expertise in marketing & communications, we bring news and analysis of the cybersecurity industry.
Share This