wonderfully unique software solutions

Content can be key to securely uploading files, notes OPSWAT

The files and documents uploaded daily to a business network can be a real security risk, opening up a vector for cyber attack. However, it typically just isn’t practical to completely prevent employees from opening or uploading files.

With this in mind, security software vendor OPSWAT has launched a whitepaper explaining the key risks and what companies of all sizes should do to protect themselves.

“Restricting file types and scanning files with a single anti-malware engine is not enough. Advanced malware is able to evade sandboxes and other traditional detection methods, and with the complexity of files ever increasing, attackers have more opportunities to embed malicious content such as scripts or macros and exploits,” according to OPSWAT.

Most people are aware of malicious macros, but Microsoft Office documents can contain many other kinds of advanced threats as well. For example, OLE objects disguised as embedded multimedia or script-enabled ActiveX controls can be configured by attackers to download malicious payloads. PDFs or images may contain malicious JavaScript, or malicous files might be simply disguised as one of the more commonplace file types, OPSWAT notes.

Read the UK report into common cyber attacks.

Best practice

OPSWAT says that the first step to an effective defence is ascertaining the organisation’s specific situation and risks. What files and formats do users actually need to do their jobs? How many restrictions can be added without reducing productivity?

What sort of pre-processing happens to files before they become available to the end user? How good is your sandbox simulation? The specific answers may differ across parts of the company, or different people within the company.

A series of typical questions is outlined in the full whitepaper.

The next move is to filter out the unneeded file types, as well as potentially disguised or faked file types, reducing the overall number of potential attack vectors.

“It is essential to find and implement a solution that can identify the true type of a file even when it is disguised,” notes OPSWAT. “A lot of file verification solutions rely on merely reading the file extension. This is more dangerous than not having a solution in place at all, since users will expect that any file that comes through is safe to open.”

Document Type Declaration attacks should be prevented by sanitising the content to remove any potential callbacks or data exfiltration-crafted content. Active content use should be restricted. Define what sort of content is permissible to embed in the permitted files. Verify, for example, what PDFs actually contain.

“Having a PDF which contains a Word document attachment which has a macro embedded is no better than allowing macro enabled documents from the start. Similarly, hackers can craft file uploads to exploit the systems parsing the files,” notes OPSWAT.

According to OPSWAT, the four key steps to successfully managing secure file uploads include integration with antivirus APIs, always sanitising productivity files and documents, extracting archive file uploads, and verifying file types (and content).

Products like OPSWAT’s automated malware prevention system MetaDefender, which has content disarm and reconstruction capabilities as well as vulnerability assessment and multi-scanning, can be a help in this respect.

Users no longer need to install a rogue application in order to get infected – that can happen by opening what appears to be a resume, an invoice, a courier receipt, or any other productivity file. Also, attackers can benefit from poor input validation or even vulnerabilities in server-side processing solutions, according to OPSWAT.

Download the whitepaper here.

Recent Articles

RealVNC remote-access highlighted by six finalists for Raspberry Pi prize

RealVNC, maker of RealVNC Connect, has named six finalists for this year's RealVNC Raspberry Pi Prize with winner and runners-up to be...

Cyberattack climate entails customised firewalling, notes Stormshield

Firewalling at the edge is no longer enough so organisations increasingly need to combine suitable location with segmentation and zero-trust strategies that...

Palm vein biometrics market set to explode this decade

The market for palm-vein based biometrics has been forecast to expand in line with a compounded annual growth rate of 22.4% from...

Automox targets unsigned scripts with PowerShell signing capability

Endpoint management company Automox is unveiling Worklets Signing, which complements Worklets and Ask Otto with a view to helping companies dodge the...

Arista warns SMBs to take precautions against edge threats

Arista Networks, the vendor of Arista Edge Threat Management (ETM) has warned that SMBs aren't always aware of the extent of targeting...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox