Malicious PDFs: How This New Cyberattack Could Steal Your Company’s Emails

Author: Jim Tarala Date: 09/13/2018

Imagine finding out that someone in your office was quietly monitoring all your incoming and outgoing business communications. That person then copied every message you sent and emailed all the information to a co-conspirator outside your organization, allowing that co-conspirator to use the information to steal from or blackmail your company.

If such a scenario happened, you would surely call the police and have this person arrested. However, this not only might be happening right now, but the perpetrator could be your personal computer. According to security researchers, a new phishing technique is distributing emails with dangerous payloads, known as “malicious PDFs” — a stealthy backdoor for spying on business computers.

A New Twist on an Old Scam

The malicious PDF is not a new hack. The PDF is a popular format for creating, storing and publishing documents, and PDF files can contain JavaScript code for legitimate purposes like adding 3D content. However, malicious JavaScript code inside a PDF can hijack the PDF functions in order to download an executable file from the internet, which initiates an attack on the victim’s machine. This JavaScript code can also open a malicious website that can perform a variety of operations targeting the victim’s machine.

In the newest variant of this attack, a hacker installs a backdoor that's able to attach itself and connect to a computer’s Outlook application or other email clients. The backdoor is able to copy any data that comes from an email exchange and save it in the PDF format. Because the Adobe PDF format is a commonly accepted document type, this activity is not easily detected by commonly used data loss prevention products: it looks like it’s just a part of your email client.

Unlike other backdoor hacks, this new variant does not need to receive communications from a remote server. According to researchers, the malware can be completely controlled via email, and the data exfiltration can look entirely legitimate. The hacker can send an email from any email address to activate the code, or program the virus to automatically send files back to them using your email server.

A Worldwide Phenomenon

According to reports, the exploit is the work of the Turla group, a Russian intelligence-affiliated group which was credited with a cybersecurity breach at U.S. Central Command in 2008 as well as attacks against other government and military organizations. This new exploit is designed to evade firewalls and standard cybersecurity software solutions. For this reason, organizations should diligently analyze and monitor email traffic for unusual behavior, such as the forwarding of every email to an external email address.
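The monitoring advice above can be expressed as a simple check over mail-flow logs. The following is an added example, not code from this article or from the researchers it cites; the four-column log format, the domain `example.com`, the thresholds and the function name `find_mirroring` are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

INTERNAL_DOMAIN = "example.com"  # assumption: the organization's mail domain

# Constructed records (not real logs): time, sender, recipient, attachment type
SAMPLE_LOG = """\
2018-09-10T09:00:01,partner@supplier.test,alice@example.com,
2018-09-10T09:00:04,alice@example.com,drop@mailbox.test,pdf
2018-09-10T09:12:30,alice@example.com,bob@example.com,
2018-09-10T09:12:33,alice@example.com,drop@mailbox.test,pdf
2018-09-10T10:02:10,client@customer.test,bob@example.com,
2018-09-10T10:05:00,bob@example.com,client@customer.test,pdf
2018-09-10T10:40:00,vendor@supplier.test,alice@example.com,docx
2018-09-10T10:40:02,alice@example.com,drop@mailbox.test,pdf
2018-09-10T11:15:00,alice@example.com,partner@supplier.test,
2018-09-10T11:15:03,alice@example.com,drop@mailbox.test,pdf
"""


def is_internal(addr):
    return addr.lower().endswith("@" + INTERNAL_DOMAIN)


def find_mirroring(log_text, min_msgs=3, min_ratio=0.8):
    """Flag mailboxes whose PDF-bearing mail to one external address
    tracks the volume of their ordinary traffic."""
    activity = Counter()            # ordinary messages sent or received per mailbox
    pdf_out = defaultdict(Counter)  # mailbox -> external recipient -> PDF count
    for _ts, sender, rcpt, attach in csv.reader(io.StringIO(log_text)):
        if is_internal(sender) and not is_internal(rcpt) and attach == "pdf":
            pdf_out[sender][rcpt] += 1  # candidate copy, kept out of the baseline
            continue
        for addr in (sender, rcpt):
            if is_internal(addr):
                activity[addr] += 1
    findings = []
    for mailbox, dests in pdf_out.items():
        for dest, count in dests.items():
            ratio = count / max(activity[mailbox], 1)
            if count >= min_msgs and ratio >= min_ratio:
                findings.append((mailbox, dest, count, round(ratio, 2)))
    return sorted(findings)


if __name__ == "__main__":
    for hit in find_mirroring(SAMPLE_LOG):
        print("review mailbox %s: %d PDF messages to %s (ratio %.2f)"
              % (hit[0], hit[2], hit[1], hit[3]))
```

On the constructed sample, only the mailbox that sends one PDF to the same external address for each ordinary message is flagged; the mailbox that sends a single PDF to a customer is not. The thresholds need tuning against a site's real traffic before the output is treated as an alert.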

The malicious PDF itself is distributed through phishing tactics — usually by spoofing emails from popular social web sites, banks, auction sites or IT administrators. However, once inside, this exploit can be difficult to identify using off-the-shelf security software. Organizations should educate their employees through security awareness training and explain how the phishing emails they may receive aren’t what they seem. 

Tackling malware and protecting your network is a never-ending battle, but it can be managed. To make sure your business is completely protected, reach out to a Gordon Flesch Company representative today for a free, no-obligation consultation to determine your business security needs. And, if you’re considering whether Managed IT and the vCIO services that come along with it are right for your business, be sure to check out our helpful comparison guide below. 


Written by Jim Tarala

Jim Tarala is a Gordon Flesch Company vCIO with more than 25 years of experience in professional services, technology, and as a small business owner. He now combines all of that knowledge and experience to help customers strategically use technology to solve their biggest business challenges.
