
Common business document files could be hiding malware
capable of bypassing standard security systems and stealing
confidential information.
Cybercriminals are increasingly exploiting vulnerabilities in
trusted file formats to slip through web and e-mail filtering
systems, warn year-end cyber threat reports.
The use of this method of attack is expected to grow in the
coming year as it enables cybercriminals to defeat traditional
defences and sneak data harvesting Trojans through corporate
firewalls.
Adobe's Portable Document Format (PDF), which was created for
sharing documents between users with different operating systems,
has been a prime initial target.
Many businesses rely on PDF documents to exchange information
and consider them to be safe, with most e-mail and web filtering
systems allowing them through by default.
With millions of unpatched PDF readers on business machines,
criminals are able to exploit the scripting vulnerability within
the document format to smuggle in malware.
Recipients are likely to open the documents because they are
often crafted to appear legitimate, using information criminals
have collected about the target organisation.
This type of attack is a growing threat that security
professionals in large organisations throughout Europe have
identified, says Alessandro Moretti, (ISC)2 European advisory board
member.
Moretti, who is also a UBS investment bank executive director
for IT security risk management, says he is seeing increasing
creativity in the way organised criminal gangs manipulate e-mail
attachments in PDF and other common document formats.
"A lot of the larger organisations have seen this threat and are
working with professional security firms that provide security
services to deal with this type of threat," he says.
Organisations that want to protect their customers and users
will have to consider investing in specialised services which have
access to leading-edge technologies to mitigate this threat, says
Moretti.
As a first step, security suppliers say organisations should
ensure that security patches for all applications are up to date,
particularly PDF readers.
Web and e-mail filtering system settings should also be checked
to ensure that PDF files are not trusted by default.
The optimal way to prevent this type of attack is to use
active real-time content inspection technologies that can
detect malicious code without signatures.
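
As an illustration of a filter that does not trust PDF files by default, the following added example (not taken from the reports or any supplier's product) inspects a PDF's structure for scripting and auto-run entries rather than matching signatures. The function names, the quarantine policy and the sample documents are assumptions constructed for this sketch.

```python
import re

# PDF name objects that make a document "active": script, auto-run, launch.
ACTIVE_NAMES = ("JavaScript", "JS", "OpenAction", "AA", "Launch", "EmbeddedFile")

# A name is "/" followed by anything except whitespace and PDF delimiters.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, so /J#61vaScript is read as JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def active_content(data: bytes) -> dict:
    """Count active-content name objects in the raw bytes of a PDF."""
    counts = {}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(1))
        if name in ACTIVE_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts


def filter_verdict(data: bytes) -> str:
    """Hypothetical gateway policy: a PDF is not delivered just for being a PDF."""
    if b"%PDF-" not in data[:1024]:  # readers tolerate junk before the header
        return "reject: not a PDF"
    return "quarantine" if active_content(data) else "deliver"


# Constructed sample documents (not real files).
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SCRIPTED = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (constructed placeholder) >>\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("scripted", SCRIPTED)):
        print(label, filter_verdict(doc), active_content(doc))
```

This scan reads only uncompressed bytes, so entries stored inside compressed object streams are not seen; a production inspector would decompress streams before counting.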