FEATURE: SECURING ENTERPRISES
File obscurement
PDFs can be heavily obfuscated, making it difficult to detect malicious behaviour. Attackers often use encryption, filters, and indirect objects to hide their true intentions.
While these techniques can make the file appear corrupt or suspicious, many common PDF readers are designed to prioritise robustness over strict adherence to the PDF specification, so such files open correctly for the user yet evade detection by automated systems.
CYBERCRIMINALS OFTEN TURN TO PDFS FOR PHISHING BECAUSE THE FORMAT IS WIDELY REGARDED AS SAFE AND RELIABLE.
Machine Learning evasions
As security systems increasingly rely on machine learning (ML) to detect threats, attackers are finding ways to evade these models. One common technique is embedding text in images rather than using standard text formats, forcing security systems to rely on Optical Character Recognition (OCR) to extract the text, which makes detection more prone to errors and delays.
Attackers may even manipulate the images, using low-quality files or altering characters in subtle ways to confuse OCR software.
In addition, attackers may add invisible or extremely small text to deceive Natural Language Processing (NLP) models, making it harder for security systems to understand the document’s true intent.
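A defender-side check for the invisible or extremely small text described above, as an added example that is not from the original article: it inflates each PDF stream and flags tiny font sizes (`Tf`) and text rendering mode 3 (`3 Tr`, invisible). The function names, the 2 pt threshold and the sample document are assumptions constructed for illustration.

```python
import re
import zlib

MIN_FONT_PT = 2.0  # assumed triage threshold, not from the article

STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)
TF_RE = re.compile(rb"/\S+\s+(-?\d*\.?\d+)\s+Tf\b")   # "/F1 0.5 Tf" sets font size
TR_RE = re.compile(rb"(?<![\d.])3\s+Tr\b")            # "3 Tr" = invisible text


def decoded_streams(pdf: bytes):
    """Yield (index, data) per stream, inflating zlib (FlateDecode) data."""
    for i, m in enumerate(STREAM_RE.finditer(pdf)):
        data = m.group(1)
        try:
            # decompressobj tolerates a trailer byte lost to end-of-line trimming
            data = zlib.decompressobj().decompress(data)
        except zlib.error:
            pass  # not zlib data: scan the raw bytes instead
        yield i, data


def hidden_text_findings(pdf: bytes):
    """Return [(stream_index, reason)]; triage only, ignores Tm scaling."""
    findings = []
    for i, data in decoded_streams(pdf):
        for size in TF_RE.findall(data):
            if abs(float(size.decode())) < MIN_FONT_PT:
                findings.append((i, f"tiny font {float(size.decode())}pt"))
        if TR_RE.search(data):
            findings.append((i, "invisible text (render mode 3)"))
    return findings


def build_sample() -> bytes:
    """Constructed fragment: stream 0 is visible text, stream 1 hides text."""
    def obj(n, body, filt=b""):
        return b"%d 0 obj\n<< /Length %d%s >>\nstream\n%s\nendstream\nendobj\n" % (
            n, len(body), filt, body)
    visible = b"BT /F1 12 Tf 72 720 Td (Invoice attached) Tj ET"
    hidden = b"BT /F1 0.5 Tf 3 Tr 72 10 Td (quarterly meeting notes) Tj ET"
    return (b"%PDF-1.7\n" + obj(4, visible)
            + obj(5, zlib.compress(hidden), b" /Filter /FlateDecode"))


if __name__ == "__main__":
    for idx, reason in hidden_text_findings(build_sample()):
        print(f"stream {idx}: {reason}")
```

A hit is a reason to compare the extracted text layer against what the page actually renders, not a verdict on its own, since some legitimate producers set a small nominal font size and scale it with the text matrix.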
www.intelligentcio.com INTELLIGENTCIO AFRICA 37