Check Point warns of PDF malware explosion

By Christopher Tredger, Portals editor
Johannesburg, 23 May 2024
Check Point security engineer Rudi van Rooyen.

PDFs have become the leading vector for malicious attachments, making up nearly 70% of all malicious files last month, up from 20% in 2023 and 16% in 2022.

This is according to statistics from Check Point Research, which adds that e-mail remains the primary threat vector, with 90% of attacks originating from e-mails.

"In fact, 1 out of every 246 email attachments and 1 out of every 287 links are malicious," the security company notes. "Of all malicious files, PDFs seem to be the most innocuous."

Check Point Research has found that, over the last 30 days, PDFs account for 69.1% of all malicious files globally. The next most common type is executables (exe), at 15.7%. While the prevalence of malicious PDFs is concerning across various industries, healthcare is hit the hardest, with 83% of all malicious files being PDFs.

Rudi van Rooyen, Check Point security engineer, explains that PDF-based attacks exploit loopholes in traditional security scanners: such scanners often rely on signature-based detection, and attackers evade it by embedding URLs, scripts and hidden content in PDFs.

AI-powered Deep PDF

To address this, Check Point has developed an AI-powered engine called Deep PDF, which uses deep learning to analyse a PDF's internal structure; its embedded images and their placement; embedded URLs and their context within the document; and the raw content of the file.
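As an added illustration of the kind of structural analysis described above (not Check Point's Deep PDF and not code from the article), the Python script below does a rough structural triage of a PDF: it counts the name objects that drive automatic actions and script execution, extracts link targets, and flags link annotations drawn with no visible border. The sample PDF is hand-constructed and minimal (no xref table), and example.invalid is a placeholder host.

```python
import re

# Constructed sample (hand-written for this example, not a real-world file): the
# OpenAction runs JavaScript and an invisible full-page link points at an external URL.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [5 0 R] >> endobj
4 0 obj << /S /JavaScript /JS (app.launchURL("http://example.invalid/x")) >> endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 612 792] /Border [0 0 0]
   /A << /S /URI /URI (http://example.invalid/x) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# PDF names that trigger actions, run script or reach out to URLs; ordinary
# documents rarely need them, so their presence warrants closer inspection.
RISKY_NAMES = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS",
               b"/Launch", b"/URI", b"/EmbeddedFile", b"/RichMedia"]

def count_risky_names(pdf: bytes) -> dict:
    """Count each risky name, matching whole names only (/JS must not match /JSx)."""
    counts = {}
    for name in RISKY_NAMES:
        hits = re.findall(re.escape(name) + rb"(?![A-Za-z])", pdf)
        if hits:
            counts[name.decode()] = len(hits)
    return counts

def extract_uris(pdf: bytes) -> list:
    """Pull literal-string targets out of /URI actions."""
    return [u.decode("latin-1") for u in re.findall(rb"/URI\s*\(([^)]*)\)", pdf)]

def count_invisible_links(pdf: bytes) -> int:
    """Link annotations with a zero-width border: clickable but not visible."""
    objs = re.findall(rb"\d+ 0 obj(.*?)endobj", pdf, re.S)
    return sum(1 for o in objs if b"/Subtype /Link" in o
               and re.search(rb"/Border\s*\[\s*0\s+0\s+0\s*\]", o))

def triage(pdf: bytes) -> dict:
    names = count_risky_names(pdf)
    hidden = count_invisible_links(pdf)
    # Script that runs on open, or a hidden link, is enough to hold the file for analysis.
    auto_script = "/OpenAction" in names and ("/JavaScript" in names or "/JS" in names)
    verdict = "suspicious" if auto_script or hidden else "no structural indicators"
    return {"names": names, "uris": extract_uris(pdf),
            "invisible_links": hidden, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE_PDF))
```

Real documents use compressed object streams and indirect references, so a production scanner would decompress and resolve objects before applying checks like these.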

According to Van Rooyen, Deep PDF technology is part of Check Point ThreatCloud AI, and is available to all Check Point customers, from small businesses using firewalls to multinational companies using the complete security platform.

He adds that Check Point provides necessary skills and training through initiatives like Check Point SecureAcademy, online training platforms, and partner-driven bootcamps.