PDFs are becoming a very attractive tool for cybercriminals. Whether or not these are new attacks — or we are just developing the ability to detect them with RTDMI — the volume indicates that they are a serious problem for SMBs, enterprises, governments and organizations across a wide range of industries.
What’s the motive?
- Deprecation of Flash. Adobe Flash was a key attack vector in the past, but has been deprecated and will reach complete end of life in 2020. So, attackers' ability to use Flash exploits has been greatly reduced, forcing them to change tactics.
- Better awareness. Users have learned that executables sent to them are potentially dangerous and could contain viruses, so they are more hesitant to click .exe files, forcing attackers to try new techniques.
- Must-trust files. Businesses move fast. Users are under constant pressure and don’t have the time, experience or know-how to vet every file type that hits their inbox. As such, users make assumptions that trusted file types (e.g., PDFs, Office files) used daily are, for the most part, safe. So, users are more likely to read and click links within them without considering the source or ramifications.
Who is behind this?
While attribution is difficult, SonicWall believes the latest spike in malicious PDF activity is Russian-based because many .ru top-level domains were used across the analyzed campaigns.
How to stop cyberattacks that use PDF and Office files?
Most traditional security controls cannot identify and mitigate malware hidden in PDF file types, greatly increasing the success of the payload. That’s where SonicWall is unique. The technology analyzes documents dynamically via proprietary exploit detection technology, along with static inspection, to detect many malicious document categories, including PDFs, Office files, and a wide range of scripts and executables.
- Force attacks to reveal intentions. SonicWall operates in parallel with the SonicWall Capture ATP sandbox service to quickly get a verdict on any suspicious piece of code as it operates in memory, including malicious PDFs and Office files.
- Protect the most common attack vectors. Another important layer of defense against malicious PDFs is email security. SonicWall offers cloud, hosted and on-premises email security solutions. SonicWall leverages advanced security controls to examine files, senders, domains and URLs to look for malicious activity.
- Make training a policy. Improve awareness by implementing employee training protocols to ensure users know how to examine PDF and Office file attachments carefully before opening or clicking unknown links.
- Use endpoint protection. SonicWall recommends using advanced endpoint security, such as Capture Client powered by SentinelOne, to constantly monitor the behavior of a system to scout for malicious behavior, including PDF attacks.