Researchers from Ruhr-University Bochum in Germany have unveiled a new attack class that could enable the bypassing of security countermeasures in digitally signed PDF documents and utilizes the “enormous flexibility provided by the PDF specification so that shadow documents remain standard-compliant,” according to The Hacker News.
The method of the attack involves the threat actor creating a PDF document containing content that the party signing the document expects to see plus a piece of concealed content that becomes visible after the PDF is signed.
“The signers of the PDF receive the document, review it, and sign it. The attackers use the signed document, modify it slightly, and send it to the victims. After opening the signed PDF, the victims check whether the digital signature was successfully verified. However, the victims see different content than the signers,” the researchers explained.
The researchers said they tested 29 PDF viewers and found 16 – including Adobe Acrobat, Perfect PDF, Okular and Foxit Reader – that were vulnerable to shadow attacks.
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
Ukraine has been targeted by Russian threat actors in the new Operation Texontodisinformation campaign that also involved spear-phishing and credential exfiltration tactics, according to The Hacker News.
Record high ransomware and data extortion incidents experienced by Western nations last year have prompted former National Security Agency Director Michael Rogers to call for a reevaluation of their cybersecurity defense strategy.