The latest cyber-attack trend that our Chorus Cyber CSOC is seeing: Malicious PDF Link Obfuscation
Cyber attackers are always looking for new ways to trick users into granting access into their accounts and when a method is successful, it often becomes more widespread in the hopes of being repeatedly successful. Over the past few weeks, our Chorus Cyber CSOC has see a growing trend involving the use of PDF links to obfuscate malicious links sent to targeted users.
What does the attack look like?
- A user receives an email containing a link to a document that has been shared with them, typically asking for approval or review. This has recently been observed as both DocuSign and Adobe PDF links.
- The link leads the user to a PDF, viewable on the web. As this is a PDF hosted on adobe[.]com, it will appear as a normal document, including the usual Adobe PDF functionality options, and can contain any design or branding elements required (image below).
- This PDF will often contain a button, link, or other hyperlinked item designed to attract the user’s attention and look official.