PDF Files: Handy for Businesses — and Hackers


PDF files are the No. 1 type of file used in cyberattacks. Find out why hackers like to use them and how to protect your business.

Hackers really like PDF files. Out of all the types of files that can be turned into cyberweapons, PDF files top the most-used list, according to security researchers at Barracuda Networks. The researchers found that nearly 41 million PDF files were involved in cyberattacks in just a three-month period.

Given that PDF files are commonly used in the business world, it is important to protect your company against malicious ones. To do so, though, you first need to know how hackers can turn these seemingly simple files into cyberweapons.

How PDF Files Can Go from Helpful to Harmful

PDF files do more than just display text and static images. They can play animations and serve as electronic forms, for example. This versatility is due to the inclusion of many advanced capabilities, such as the ability to execute system commands and JavaScript code on computers, smartphones, and other devices. PDF files can also contain embedded files and hidden objects. Cybercriminals like to use these advanced capabilities to create PDF files loaded with malware.

Hackers also like to exploit security vulnerabilities in the software used to open and display PDF files, such as Adobe’s Acrobat Reader and Acrobat programs. By taking advantage of these security vulnerabilities, cybercriminals can gain access to devices.

How to Protect Your Business

One way to prevent PDF-based cyberattacks is to uninstall or disable PDF software and tools, but this is often impractical. Fortunately, there are other measures you can take to protect your business:

  • Educate employees on the dangers of opening PDF files attached to emails, even if an email appears to come from someone they know. A hacker could be masquerading as the sender by spoofing the email address displayed in the “From” field. Or a hacker could have hijacked the sender’s email account and used it to send a malicious PDF file to everyone in the person’s contact list.
  • Warn staff about the dangers of downloading and opening PDF files they find on the Internet.
  • Make sure that PDF apps (e.g., Acrobat Reader) and web browsers with built-in PDF readers (e.g., Microsoft Edge) are being updated so that known vulnerabilities are patched. You should also update PDF web browser extensions. However, many extensions are not updated by their developers. If that is the case, you might consider disabling or uninstalling them.
  • Verify that the operating systems on your devices are being updated. This is particularly important on computers running Windows 10, since this operating system includes the built-in Print to PDF tool.
  • Confirm that each device’s security software is being updated in case an employee inadvertently opens a PDF file that contains known malware.

We can offer additional recommendations if your employees regularly work with PDF files, especially if the files are from unknown third parties.