66% Of Malware Delivered Via PDF Files In Malicious Emails: Report

New Delhi: PDFs are the primary malicious email attachment type being used over 66 percent of the time to deliver malware via email in 2022, a new report said on Wednesday. According to researchers from Palo Alto Networks Unit 42, a 910 percent increase saw in monthly registrations for domains, both benign and malicious, related to AI chatbot ChatGPT, between November 2022-April 2023.

Researchers also saw tremendous growth (17,818 percent) in attempts to mimic ChatGPT through squatting domains -- website names that are deliberately registered to appear similar to a popular brand or product.

"As millions of people use ChatGPT, it's unsurprising that we see ChatGPT-related scams, which have exploded over the past year, as cybercriminals take advantage of the hype around AI. But, the trusty email PDF is still the most common way cybercriminals deliver malware," said Sean Duca, VP, and Regional Chief Security Officer at Palo Alto Networks.

Moreover, the report said that the hackers were found more likely to target people visiting adult websites (20.2 percent) and financial services (13.9 percent) sites with newly registered domains (NRDs).

Compared to 2021, the exploitation of vulnerabilities has increased by 55 percent in 2022. Between 2021 and 2022, researchers saw the average number of attacks experienced per customer in the manufacturing, utilities, and energy industry increase by 238 percent.

"Threat actors are constantly evolving their techniques, employing evasion tools and camouflage methods to bypass detection. Organisations must guard against malware designed to exploit older vulnerabilities while proactively staying ahead of sophisticated new attacks," said Anil Valluri, Regional Vice President, India & SAARC at Palo Alto Networks.