By Davey Winder Senior Contributor
Beware these dangerous PDFs.
Beware of the TOAD. That’s the advice from Cisco Talos, a well-respected threat intelligence research team in the world of cybersecurity and business alike. The TOAD in question is a Telephone-Oriented Attack Delivery threat. I know all about these, having been targeted very recently by just such an attack. You might be tempted to simply dump a TOAD attack into the phishing bucket along with everything else. Still, it’s worth separating out to understand the methodology employed, as doing so could just save your Microsoft, PayPal or Geek Squad accounts. The Cisco Talos report, based on an analysis of emails sent between May 5 and June 5, found those brands were among the most impersonated and revealed that attackers were delivering malicious PDF attachments to victims in TOAD emails. Here’s what you need to know and do.
Malicious PDF Document TOAD Attacks: Do Not Open That File
“A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers,” Omid Mirzaei, security research lead in the email threat research team at Cisco Talos, said in the July 2 report. This is because PDF (portable document format, if you want to be more formal) files can be created from other applications and then rendered by any number of reader applications. That portability has made the format a prime method of distributing documents, and a weapon in the arsenal of those who would attack you. “In recent months,” Mirzaei said, “it has also been exploited for illegitimate purposes, such as brand impersonation.”
According to research carried out by Mirzaei and the Cisco Talos team, a significant portion of email threats with a PDF payload are of the TOAD variety. “Victims are instructed to call a specific number in the PDF to resolve an issue or confirm a transaction,” Mirzaei warned.
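A defender-side illustration of the pattern Mirzaei describes, added here and not part of the Cisco Talos report: a heuristic that scores text already extracted from a PDF attachment for the TOAD combination of an impersonated brand, a phone number and an instruction to call. The brand list comes from the report; the phone, call-verb and pretext patterns and the three sample texts are constructed for this example.

```python
import re

# Brands the Cisco Talos report names as the most impersonated in TOAD PDF lures.
IMPERSONATED_BRANDS = ("microsoft", "paypal", "geek squad")
# North American numbers in their usual written forms: +1 (888) 555-0142, 888.555.0142, 8885550142.
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
# The lure's defining instruction: the reader is told to pick up the phone.
CALL_RE = re.compile(r"\b(?:call|dial|phone|contact)\b", re.I)
# Pretexts the report describes: resolve an issue, or confirm or dispute a transaction.
PRETEXT_RE = re.compile(r"\b(?:transaction|invoice|charged?|subscription|renew(?:al|ed)?|"
                        r"refund|cancel(?:lation)?|suspended|dispute|unauthori[sz]ed)\b", re.I)


def normalize_phone(raw: str) -> str:
    """Reduce any written form to its 10 significant digits, dropping a leading country code 1."""
    return re.sub(r"\D", "", raw)[-10:]


def assess_pdf_text(text: str) -> dict:
    """Score already-extracted PDF text for the TOAD pattern: brand + phone number + call instruction."""
    lowered = text.lower()
    phones = sorted({normalize_phone(m.group()) for m in PHONE_RE.finditer(text)})
    brands = [b for b in IMPERSONATED_BRANDS if b in lowered]
    call_to_action = bool(CALL_RE.search(text))
    pretexts = sorted({m.group().lower() for m in PRETEXT_RE.finditer(text)})
    # A phone number alone is normal in legitimate documents; it only escalates with other signals.
    score = 2 * bool(phones) + 2 * bool(brands) + bool(call_to_action) + bool(pretexts)
    if phones and call_to_action and brands:
        verdict = "toad_lure"
    elif phones and (call_to_action or brands or pretexts):
        verdict = "suspicious"
    else:
        verdict = "no_indicator"
    return {"phones": phones, "brands": brands, "call_to_action": call_to_action,
            "pretexts": pretexts, "score": score, "verdict": verdict}


# Constructed sample texts standing in for a PDF text extractor's output; none is real mail.
LURE = ("PayPal Billing Department\nYour account has been charged $499.99 for a 1-year "
        "Geek Squad subscription renewal.\nIf you did not authorise this transaction, "
        "call our support team at +1 (888) 555-0142 within 24 hours to cancel and get a refund.")
NEWSLETTER = ("Quarterly update from the allotment society. The autumn work party is on 12 October; "
              "bring gloves. Membership renewal forms will be posted next month.")
INVOICE = "Invoice #1042 from Northside Plumbing. Questions? Call 555.010.9988 during office hours."

if __name__ == "__main__":
    for name, doc in (("lure", LURE), ("newsletter", NEWSLETTER), ("invoice", INVOICE)):
        print(name, assess_pdf_text(doc))
```

The tradesman's invoice scores as merely suspicious because it carries a number and a call prompt but no impersonated brand, which is the signal that separates a TOAD lure from ordinary paperwork.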
“TOADs are nothing new, but their resurgence recently has been notable,” Lucy Finlay, director of secure behaviour and analytics at Redflags from ThinkCyber, said. “This evolution is accelerated by the use of AI to identify legitimate login URLs of well-known brands that are vulnerable to takeover and imitation,” Finlay continued, concluding that it’s “extremely hard for the victim to use traditionally taught security awareness techniques to detect the scam.”
But the message is clear: given that these attack flows have been spotted very recently, you should not open any unexpected PDF document claiming to be from Microsoft, PayPal or Geek Squad in particular, or from any well-known brand more generally, nor respond to one by clicking its links or following advice given in an unexpected telephone call. “This is why security training needs to be integrated into daily workflows,” Finlay said, “and nudging at the point of risk is an effective way to do this.” If a user receives an email from an address that looks extremely plausible, purporting as it does to be from a known brand, and it contains a link or attachment, “a nudge on these elements to urge caution may be enough to stop the victim from going on to respond to the attempt,” Finlay concluded.
Here’s where you can get more advice on how to protect yourself from such attacks, provided by Microsoft, PayPal and Geek Squad, including scams beyond the PDF file attacks covered in the Cisco Talos report.