PDFSider Malware Attack: What Texas Businesses Can Learn From a Fortune 100 Breach

Cybersecurity researchers have uncovered a new, highly stealthy Windows malware strain dubbed PDFSider that was used in a targeted attempt against a Fortune 100 financial firm.

Unlike commodity ransomware that loudly encrypts files, PDFSider behaves more like an advanced persistent threat (APT) by:

  • Exploiting trusted software to hide its payload
  • Embedding itself mainly in memory to avoid detection
  • Using encrypted command-and-control channels to receive instructions
  • Leveraging DLL side-loading — tricking Windows into loading malicious code through a legitimate application
  • Tricking employees, through sophisticated social engineering, into installing remote support tools that open the network door for attackers

Because it blends in with legitimate activity and uses encrypted backdoors, PDFSider doesn’t look like a typical “virus” to your antivirus or endpoint detection systems, making it dangerously effective for long-term access and espionage-style attacks. Check out our managed services to see how we help protect our clients.

Stealth Malware Doesn't Break In, It Blends In

How the Attack Worked

Cybercriminals didn’t just knock on the network; they socially engineered employees into helping them. The attack chain included:

  1. Spear-phishing emails targeting specific individuals
  2. A ZIP file containing a trusted PDF application (signed and benign) plus a malicious DLL
  3. When launched, the legitimate app unknowingly loaded the malware
  4. Once active, the malware opened a covert remote shell with encrypted communications
  5. Attackers could then survey systems, move laterally, and prepare follow-on actions with minimal visibility

This approach, combining phishing with covert execution, is a growing trend among sophisticated threat actors because it evades traditional defenses.


What This Means for Your Business

If a Fortune 100 company with enterprise defenses can be targeted by advanced malware, your business is also at risk, especially if:

  • You rely on remote support tools or unmanaged software installs
  • You lack well-configured email filtering and multi-factor authentication
  • You don’t actively monitor for anomalous remote access or abnormal DNS traffic
  • You haven’t trained users on evolving phishing threats

Modern malware doesn’t trash your files; it hides, waits, and blends in with normal operations. That’s why detection and response must evolve too.


How SofTouch Systems Helps Prevent & Recover from Attacks Like PDFSider

At STS, we approach cybersecurity from three strategic pillars: Prevent, Detect, Recover.

1. Prevent: Harden Your Environment

We help you:

  • Design and implement robust endpoint protections that go beyond signature-based antivirus
  • Configure secure remote access and block unauthorized use of tools like Quick Assist
  • Deploy secure email gateways and phishing defenses that catch malicious ZIPs and spear-phish attempts
  • Enforce strong password policies and multi-factor authentication

Why it matters: PDFSider infections begin with tricking users and exploiting trusted apps; reducing the opportunities for those two steps is step one.


2. Detect: See What Others Miss

STS offers continuous monitoring tools and threat hunting services that:

  • Detect telltale signs of DLL side-loading and in-memory malware
  • Correlate system events with suspicious network traffic (like encrypted DNS activity)
  • Alert your team in real time when anomalous remote sessions start

Why it matters: Threats like PDFSider avoid disk artifacts and may bypass AV; real detection requires smarter monitoring than legacy tools.
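As an added illustration of the chain in “How the Attack Worked” and of the side-loading detection described under Detect (example code written for this page, not STS tooling or anything from the original research): a small Python heuristic over constructed Sysmon Event ID 7 (ImageLoad) records that flags a DLL loaded from the executable’s own, user-writable directory when that DLL is unsigned or its signature did not validate. The field names Image, ImageLoaded, Signed and SignatureStatus follow Sysmon’s ImageLoad schema; the paths and records are constructed sample data.

```python
"""Flag DLL side-loading candidates in Sysmon ImageLoad (Event ID 7) records.
Matches the chain above (a trusted app run from an unpacked ZIP loads a DLL
beside it): flag when the DLL is in the executable's own directory, that
directory is not a standard install location, and it is unsigned/unvalidated.
"""
import json
import ntpath

# Standard install locations; loads from here are out of scope for this check.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64",
                r"c:\program files", r"c:\program files (x86)")

def in_trusted_dir(d: str) -> bool:
    return any(d == p or d.startswith(p + "\\") for p in TRUSTED_DIRS)

def indicators(event: dict) -> list[str]:
    """Return the side-loading indicators present in one ImageLoad event."""
    exe_dir = ntpath.dirname(event["Image"]).lower()
    dll_dir = ntpath.dirname(event["ImageLoaded"]).lower()
    found = []
    if exe_dir == dll_dir:
        found.append("dll loaded from the executable's own directory")
    if not in_trusted_dir(dll_dir):
        found.append("dll directory is not a standard install location")
    status = event.get("SignatureStatus", "")
    if event.get("Signed", "false").lower() != "true" or status != "Valid":
        found.append(f"dll unsigned or signature status '{status or 'none'}'")
    return found

def is_sideload_candidate(event: dict) -> bool:
    """Require every indicator, so ordinary application DLL loads stay quiet."""
    return len(indicators(event)) == 3

def scan(lines: list[str]) -> list[str]:
    """Return ImageLoaded paths of flagged Event ID 7 records in a JSON-lines feed."""
    events = (json.loads(line) for line in lines)
    return [e["ImageLoaded"] for e in events
            if e.get("EventID") == 7 and is_sideload_candidate(e)]

# Constructed sample feed (not real telemetry), one JSON object per line.
SAMPLE_LOG = [
    # PDFSider-style: viewer unpacked to Downloads loads an unsigned DLL beside it.
    json.dumps({"EventID": 7, "Image": r"C:\Users\jdoe\Downloads\pkg\pdfviewer.exe",
                "ImageLoaded": r"C:\Users\jdoe\Downloads\pkg\version.dll",
                "Signed": "false", "SignatureStatus": "Unavailable"}),
    # Same viewer loading the genuine system copy of that DLL: not flagged.
    json.dumps({"EventID": 7, "Image": r"C:\Users\jdoe\Downloads\pkg\pdfviewer.exe",
                "ImageLoaded": r"C:\Windows\System32\version.dll",
                "Signed": "true", "SignatureStatus": "Valid"}),
    # Installed application loading its own signed helper DLL: not flagged.
    json.dumps({"EventID": 7, "Image": r"C:\Program Files\Acme Reader\reader.exe",
                "ImageLoaded": r"C:\Program Files\Acme Reader\render.dll",
                "Signed": "true", "SignatureStatus": "Valid"}),
]
```

Running `scan(SAMPLE_LOG)` returns only the Downloads-folder DLL; the heuristic deliberately stays silent on DLLs under Program Files or System32, which need package-integrity checks rather than path heuristics.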


3. Recover: Minimize Damage If You’re Hit

We support strong recovery protocols including:

  • Incident response planning and tabletop exercises
  • Rapid remediation, forensic analysis, and threat eradication
  • Backup integrity checks and restoration services
  • Post-breach hardening to ensure the same attack doesn’t happen again

Why it matters: Ransomware and backdoor malware can lie dormant before unleashing damage; having a practiced response plan saves time and money.


In a World of Stealthy Malware, Visibility Is Your Best Defense

PDFSider exemplifies how threat actors are shifting away from noisy, loud attacks toward stealth, persistence, and deception. Simple antivirus and reactive defenses aren’t enough.

With STS as your cybersecurity partner, you gain:

  • Smart detection tuned to real threats
  • Defense-in-depth protections for endpoints and networks
  • Practical user-focused training and resilient recovery plans

If your business hasn’t done a deep security assessment in the last 12 months, or you’re unsure where your biggest risks lie, let’s talk about a tailored cybersecurity strategy.


Know What’s Running on Your Network Before Attackers Do

Advanced malware like PDFSider doesn’t announce itself. It hides, blends in, and waits. If you’re unsure whether your current tools would even detect an attack like this, it’s time for a closer look.

Schedule a Free Security Risk Review with SofTouch Systems and find out:

  • What your antivirus can’t see
  • Where attackers would likely gain persistence
  • How fast you could realistically recover

No pressure. No scare tactics. Just clear answers.


Antivirus vs. Endpoint Security: What’s the Difference?

For many Texas small businesses, antivirus feels like a solved problem. After all, most computers already have something installed. However, that assumption quietly creates risk. When business owners compare antivirus vs endpoint security, they often believe they are choosing between similar tools. In reality, they are choosing between two very different levels of protection.

Today’s cyberattacks do not rely on obvious viruses alone. Instead, attackers exploit stolen credentials, legitimate tools, and everyday user behavior. Because of that shift, cyber insurance carriers and auditors now expect protections that traditional antivirus was never designed to provide.

So let’s break this down clearly, without jargon, and explain why this distinction matters more than ever.


What Traditional Antivirus Is Designed to Do

Antivirus software was built for a simpler threat landscape. Its primary job is to detect known malicious files and remove them before they cause damage. To do that, antivirus relies heavily on signature databases and reputation checks.

In practical terms, antivirus focuses on:

  • Scanning files for known malware
  • Blocking suspicious downloads
  • Quarantining obvious threats

For many years, that approach worked reasonably well. However, attackers adapted. As a result, modern breaches rarely start with a noisy virus alert.

More importantly, antivirus operates in isolation. It watches files, not behavior. It reacts to threats, rather than preventing them from spreading.

That limitation explains why antivirus alone no longer satisfies cyber insurance expectations.


What Endpoint Security Actually Covers

Endpoint security takes a broader, more realistic view of risk. Instead of focusing only on files, it protects the entire device, and how that device behaves inside your business environment.

Endpoint security typically includes:

  • Behavior-based threat detection
  • Real-time monitoring of system activity
  • Isolation of compromised devices
  • Centralized visibility across all computers
  • Continuous response, not just alerts

Rather than asking, “Is this file bad?” endpoint security asks, “Does this behavior indicate an attack?”

That shift is critical. Many modern breaches involve legitimate tools, trusted software, or stolen credentials. Antivirus often sees those as normal. Endpoint security does not.

At SofTouch Systems, endpoint protection is paired with 24/7 monitoring, so alerts are not just logged, they are acted on.


Antivirus vs Endpoint Security: The Real Differences

When clients ask us to explain antivirus vs endpoint security, we usually frame it this way:

Antivirus is a seatbelt.
Endpoint security is the entire safety system.

Here’s how they differ in real-world terms:

Antivirus

  • File-focused
  • Signature-based
  • Reacts after exposure
  • Limited visibility
  • Minimal reporting

Endpoint Security

  • Behavior-focused
  • Detects unknown threats
  • Stops lateral movement
  • Centralized control
  • Insurance-aligned reporting

Because of these differences, endpoint security significantly reduces dwell time, the period attackers remain inside a system undetected.


Why Cyber Insurance Now Cares About Endpoint Security

Over the past two years, cyber insurance requirements have tightened dramatically. Carriers learned a hard lesson: businesses with only antivirus still get breached.

As a result, insurers now commonly require:

  • Advanced endpoint protection or EDR
  • Centralized monitoring
  • Evidence of active threat response
  • Reduced reliance on user judgment

Basic antivirus checks none of those boxes.

Even worse, many businesses discover this gap after an incident, when a claim is delayed or denied due to “insufficient controls.”

Endpoint security, on the other hand, provides the visibility and documentation insurers want to see.


The False Sense of Security Antivirus Creates

One of the most dangerous aspects of antivirus is psychological. Because it runs quietly in the background, business owners assume they are protected.

However, modern attacks often look like this:

  1. A stolen password is used to log in
  2. Legitimate tools run malicious commands
  3. Data is accessed or encrypted
  4. No virus is ever detected

In that scenario, antivirus never triggers, because nothing technically “looks wrong.”

Endpoint security detects the abnormal behavior, flags the device, and contains the threat before damage spreads.


Why SMBs Are the Primary Targets

Large enterprises expect attacks. Small businesses often do not.

Attackers know that SMBs:

  • Rely on default security
  • Lack internal IT teams
  • Trust antivirus alone
  • Carry cyber insurance payouts

That combination makes smaller organizations attractive targets.

Endpoint security levels the playing field by giving small businesses enterprise-grade protection, without enterprise complexity.


How STS Approaches Endpoint Security

At SofTouch Systems, we don’t treat endpoint security as a standalone tool. Instead, we manage it as part of a layered security strategy that includes monitoring, response, and documentation.

We deploy enterprise-grade endpoint protection using Bitdefender, combined with human oversight. That means alerts are reviewed, devices are isolated when needed, and patterns are tracked over time.

Most importantly, clients gain clarity. They know what’s protected, what’s happening, and where gaps still exist.

That visibility is the foundation of No-Surprise IT.


So, Which One Do You Actually Need?

Antivirus is not useless. In fact, it is still a basic requirement.

However, antivirus alone is no longer enough.

Endpoint security builds on antivirus and fills the gaps attackers now exploit. For businesses that rely on email, cloud services, remote work, or cyber insurance, endpoint protection is no longer optional; it is expected.


Next Step: Identify Your Gap

If you’re unsure whether your current setup meets today’s standards, that uncertainty itself is a risk.

Schedule a Free Antivirus vs Endpoint Gap Assessment with SofTouch Systems.
We’ll review your current protection, identify blind spots, and explain, in plain English, where you stand.

No pressure. No upsell. Just clarity.

SofTouch Systems — No-Surprise IT.


How Cybercriminals Target Small Texas Businesses in January

January creates the perfect opening for cybercriminals who target small Texas businesses. After the holidays, many companies return to full operations while still running on relaxed habits from December. At the same time, attackers know businesses feel busy, distracted, and focused on the new year.

Because of this timing, January consistently brings an increase in phishing emails, account takeovers, and ransomware attempts aimed at small businesses. While large enterprises receive headlines, attackers quietly focus on smaller companies that lack full-time security staff.

Most attacks don’t rely on advanced hacking. Instead, they exploit routine behavior that feels harmless during a busy restart.


Post-Holiday Password Exposure Creates Opportunity

During the holidays, employees often reuse work passwords for personal shopping, travel sites, or seasonal promotions. As a result, those passwords frequently end up in large data breaches announced weeks later.

Once January begins, attackers test those leaked passwords against business email and cloud accounts. Because many businesses still rely on passwords alone, attackers gain access without triggering alarms.

However, businesses that enforce strong password rules and multi-factor authentication immediately reduce this risk. In contrast, companies that delay updates give attackers an open window.


Fake Invoices and “New Year” Emails Surge in January

Another common tactic involves fake invoices and urgent emails that reference:

  • New year billing updates
  • Updated tax documents
  • Vendor payment confirmations
  • Payroll or bonus adjustments

Because these messages align with real January activity, employees trust them more easily. Consequently, phishing success rates rise sharply during the first few weeks of the year.

Attackers rely on speed and pressure. Therefore, they often include language like “action required today” or “account suspended.” Once someone clicks the link, attackers harvest login credentials or deliver malware.


Remote Work Habits Remain a Weak Spot

Although many businesses return to the office in January, remote access remains common. Unfortunately, attackers know this and actively scan for exposed remote systems.

In many cases, small businesses still use:

  • Weak remote desktop passwords
  • Shared credentials
  • Unpatched VPN software

As a result, attackers gain entry without ever sending an email. Instead, they simply log in.

Because of this risk, January becomes a testing ground for attackers probing which businesses kept systems updated over the holidays—and which ones did not.


Outdated Devices After the Holidays Increase Risk

During December, many companies pause updates to avoid disruptions. While that choice feels reasonable, it creates problems in January.

Unpatched devices often contain known vulnerabilities that attackers actively exploit. Therefore, cybercriminals target businesses that delay updates into the new year.

Even worse, some businesses add new devices in January without proper security setup. As a result, those systems connect to networks without antivirus, monitoring, or policy enforcement.


Tax Season Scams Begin Earlier Than Most Expect

Although tax season feels far away, attackers start early. In January, they send emails pretending to be:

  • Accountants
  • Payroll services
  • Tax software providers

These messages often request employee data, W-2 information, or login access. Because businesses expect tax-related communication soon, employees comply without verifying the sender.

Consequently, identity theft and financial fraud spike long before filing deadlines arrive.


Why Small Texas Businesses Get Targeted More Often

Cybercriminals don’t target Texas businesses because of geography alone. Instead, they focus on predictable patterns.

Small Texas businesses often:

  • Operate lean teams
  • Rely on trust and long-term relationships
  • Avoid complex security tools
  • Delay upgrades to control costs

Because of this, attackers assume weaker defenses. While that assumption isn’t always true, it proves accurate often enough to keep them trying.


What January Attacks Have in Common

Despite different tactics, January attacks share three traits:

  1. They exploit routine behavior
  2. They rely on stolen credentials
  3. They succeed when security gaps go unnoticed

Fortunately, these attacks also fail quickly when businesses apply basic protections consistently.


How SofTouch Systems Helps Reduce January Risk

At SofTouch Systems, we focus on preventing predictable attacks rather than reacting after damage occurs.

We help businesses:

  • Enforce multi-factor authentication
  • Keep antivirus definitions current
  • Monitor systems continuously
  • Identify risky behavior early
  • Educate employees without fear tactics

Because we manage these protections year-round, our clients don’t enter January exposed or guessing.


Prevention Beats Cleanup Every Time

Once an attacker gains access, recovery costs rise fast. Downtime, lost trust, and emergency response always cost more than prevention.

However, businesses that enter January with enforced policies, updated systems, and monitoring avoid most of these issues entirely.

That difference separates calm starts to the year from chaotic ones.


Final Thought

Cybercriminals don’t need creativity. They rely on timing, distraction, and routine mistakes.

January gives them all three.

When businesses understand how cybercriminals target small Texas businesses, they gain the advantage. Preparation turns predictable attacks into failed attempts—and keeps the new year focused on growth instead of recovery.



Not sure where your business stands going into the new year?
SofTouch Systems offers a 15-Minute January Security Checkup to identify common gaps attackers exploit during this time of year.

We’ll review your exposure, explain risks in plain English, and help you start the year protected, without surprises.
