66% of malware delivered via PDF files in malicious emails: Report

PDFs are the primary malicious email attachment type being used over 66 per cent of the time to deliver malware via email in 2022, a new report said on Wednesday.

According to researchers from Palo Alto Networks Unit 42, a 910 per cent increase saw in monthly registrations for domains, both benign and malicious, related to AI chatbot ChatGPT, between November 2022-April 2023.

Researchers also saw tremendous growth (17,818 per cent) in attempts to mimic ChatGPT through squatting domains -- website names that are deliberately registered to appear similar to a popular brand or product.

"As millions of people use ChatGPT, it's unsurprising that we see ChatGPT-related scams, which have exploded over the past year, as cybercriminals take advantage of the hype around AI. But, the trusty email PDF is still the most common way cybercriminals deliver malware," said Sean Duca, VP, and Regional Chief Security Officer at Palo Alto Networks.


Moreover, the report said that the hackers were found more likely to target people visiting adult websites (20.2 per cent) and financial services (13.9 per cent) sites with newly registered domains (NRDs).

Compared to 2021, the exploitation of vulnerabilities has increased by 55 per cent in 2022.

Between 2021 and 2022, researchers saw the average number of attacks experienced per customer in the manufacturing, utilities and energy industry increased by 238 per cent.


"Threat actors are constantly evolving their techniques, employing evasion tools and camouflage methods to bypass detection. Organisations must guard against malware designed to exploit older vulnerabilities while proactively staying ahead of sophisticated new attacks," said Anil Valluri, Regional Vice President, India & SAARC at Palo Alto Networks. - IANS