APT attackers are shifting from malicious Word documents to malicious PDFs, according to Trend Micro. The flaw in question was patched on Feb 20 (http://blog.trendmicro.com/trendlabs-security-intelligence/zero-day-vulnerability-hits-adobe-reader/), but I wonder if this doesn’t mark a larger shift.
I feel like people in general are moving away from using Word files to share documents, in favor of PDFs and the like. If this attack trend keeps up, it may serve as solid evidence. APT attackers are better than prediction markets: since it’s their job to find the most common way to deliver documents, it stands to reason they’d hug the curve better than anyone else.
“Our research indicates that attackers engaged in APT campaigns may have adapted the exploit made infamous by the MiniDuke campaign and have incorporated it into their arsenal. At the same time, we have found that other APT campaigns seem to have developed their own methods to exploit the same vulnerability. The increase in malicious PDFs exploiting CVE-2013-0640 may indicate the start of a shift in APT attacker behavior away from using malicious Word documents that exploit the now quite old CVE-2012-0158.”