File-based threats and where to find them

by | Aug 5, 2022 | Thought leadership, Product Announcements

Digital files are critical to any organization. They enhance productivity, aid learning and boost collaboration. However, they are the Achilles heel of most organizations’ cybersecurity defenses. They can be used as an invisibility cloak where cybercriminals hide malicious content, passing through detection-based security solutions with ease.   

In this blog we are going to highlight the malicious content that can reside within files and pinpoint the attack vectors utilized by cybercriminals that help deliver file-based threats to your organization. 

 

What are file-based threats? 

As the name suggests, file-based threats are malicious pieces of code that reside within a file. Cybercriminals use vulnerabilities to embed threats within everyday files and use these often seemingly safe business documents to target individuals or organizations. Once a file passes undetected into an IT environment these threats can ‘detonate’ with disastrous effect. 

Malware (short for malicious software) refers to any software designed to intentionally damage, disrupt or breach an organization’s IT infrastructure. It is a term that encompasses common threats such as viruses, ransomware, worms, trojans and more. 

Hidden in files, malware bypasses detection-based cyber defenses. Once it is activated, cybercriminals are able to disrupt business operations, gain unauthorized access to classified and sensitive information, or even hold an organization and its data to ransom.

 

What vulnerabilities do my files contain? 

Each file type contains certain vulnerabilities that leave an organization at risk of a cyber-attack. They can be manipulated by cybercriminals to steal data or to plant malicious content. 

Common vulnerabilities include: 


Acroforms
 

‘Acrobat forms’ look just like any other form, but they may also contain active code such as JavaScript. This active code can be exploited by cybercriminals to launch attacks that are commonly missed by traditional detection-based cyber security solutions.


Macros and JavaScript
 

Macros and JavaScript are forms of active code. These extra file functions can perform actions without a user’s permission, starting a chain reaction of malicious events. When these are present in a document, they are often used by cybercriminals to mount an attack against the user or receiving system.  


Dynamic Data Exchange (DDEs)
 

Cybercriminals can use DDEs in Microsoft documents to execute malicious code on a recipient’s computer. 


Digital signatures
 

If the ownership and trust of the certificate chain has been compromised, a cybercriminal could trick a user into opening a document that contains malicious content. 

 

Embedded objects 

Embedded objects within files can be used to hide data or provide a way for active code to be triggered. These objects are often used by cyber criminals to perform actions without a user’s permission or knowledge.  

 

Hyperlinks 

Hyperlinks are often used in phishing attacks. Cybercriminals create links that look legitimate and trustworthy on the surface, but once clicked, take a user to a different destination and a chain of malicious events is activated.  

 

Review comments and metadata 

Sensitive information that a company does not want to disclose to the public can be found within metadata. This could be the name of the author of a file, tracked changes or review comments. Cybercriminals can access this data and use it for malicious purposes, damaging the reputation of an organization when the breach is disclosed.
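The content classes listed above can be inventoried in PDF and Office Open XML files before a file crosses a trust boundary. The Python sketch below is an added example, not Glasswall code: the function names, rule tables and sample inputs are constructed for illustration, and the matching is a naive token scan that reports what is present rather than whether it is malicious.

```python
import io, re, zipfile

MAX_PART = 1 << 20  # read at most 1 MiB per ZIP part (bounds decompression)
# PDF name tokens and OOXML part names/contents for the classes listed above.
PDF_MARKERS = {b"/AcroForm": "acroform", b"/JavaScript": "javascript",
               b"/EmbeddedFile": "embedded_object", b"/URI": "hyperlink",
               b"/Sig": "digital_signature"}
NAME_RULES = [(r"vbaproject\.bin$", "macro"), (r"/embeddings/", "embedded_object"),
              (r"^_xmlsignatures/", "digital_signature"),
              (r"comments\.xml$", "review_comments")]
BODY_RULES = [(rb"<dc:creator>[^<]+", "metadata"),
              (rb"/relationships/hyperlink", "hyperlink"),
              (rb"instrText[^>]*>\s*DDE", "dde")]  # DDE / DDEAUTO field code

def inventory_pdf(data: bytes) -> set:
    # Naive scan: misses names hidden in compressed object streams.
    return {label for tok, label in PDF_MARKERS.items()
            if re.search(re.escape(tok) + rb"(?![A-Za-z])", data)}

def inventory_ooxml(data: bytes) -> set:
    # Part names reveal macros, embeddings, signatures; XML bodies reveal the rest.
    found = set()
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            low = name.lower()
            found |= {lab for pat, lab in NAME_RULES if re.search(pat, low)}
            if low.endswith((".xml", ".rels")):
                body = z.open(name).read(MAX_PART)
                found |= {lab for pat, lab in BODY_RULES if re.search(pat, body)}
    return found

def inventory(data: bytes) -> set:
    """Return the content classes present; an inventory, not a verdict."""
    if data.startswith(b"%PDF-"):
        return inventory_pdf(data)
    if data.startswith(b"PK\x03\x04"):
        return inventory_ooxml(data)
    return set()

def constructed_docx() -> bytes:
    # Constructed sample: a minimal ZIP using OOXML part names, not a real document.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:instrText> DDEAUTO x y </w:instrText>")
        z.writestr("word/vbaProject.bin", b"\x00")
        z.writestr("docProps/core.xml", "<dc:creator>A. Author</dc:creator>")
    return buf.getvalue()

# Constructed PDF fragment, enough for the token scan only.
SAMPLE_PDF = b"%PDF-1.7\n1 0 obj << /AcroForm 2 0 R /OpenAction << /S /JavaScript >> >>"
```

Field codes split across runs, renamed parts and encrypted or compressed streams all evade a scan like this, so an empty result does not mean a file is clean.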

 

Where to find file-based threats: 

Simply put, anywhere a file crosses a trust boundary there is risk. However, here are the main attack vectors you should have proactive file-based protection for:


Cloud services
 

Cloud services provide infrastructure, platforms, software, and technologies to organizations via the Internet. There is no need for investment in internal infrastructure or hardware. The ‘online’ nature of these services means that unlike traditional internal infrastructure, files are now always found and downloaded from the web. This increases the number of files crossing organizations’ trust boundaries, which increases the risk faced from file-based threats.  

Recommended Glasswall solutions – REST APIs, Plug-ins, Clean Room and Desktop


Web browsers
 

Web browsers give users the ability to download and upload files freely to the web. While this has profound benefits for boosting organizational productivity, it also significantly increases the file-based risks associated with malicious content entering an organization’s IT infrastructure. Don’t forget, most traditional protection systems are not able to fully protect against file-based threats due to their detection-based nature.

Recommended Glasswall solutions – REST APIs, Plug-ins, Clean Room and Desktop


Social media
 

Social media is a tool that promotes sharing and collaboration. While most of the activity on social media is confined to social feeds, many large players in the market, such as Facebook, Twitter and Instagram, allow users to upload and download files via their messaging services. Users that access their social media accounts on an organization’s hardware leave their infrastructure susceptible to file-based threats.

Recommended Glasswall solutions – REST APIs, Plug-ins, Clean Room and Desktop


Email clients
 

Email clients are well known for being the attack method of choice when it comes to phishing attempts. However, this is not the only risk they pose to organizations. Users regularly upload and download files when completing everyday work tasks, increasing the likelihood of file-based threats entering an organization’s IT infrastructure.   

Recommended Glasswall solutions – Glasswall Email Security 


Physical storage devices
 

When using a USB device or an external hard drive, the data held within can still harbor malicious content. If a user plugs a device into an organization’s network to transfer what they believe to be safe files, they could easily be exposing their organization to file-based threats. Once these files enter a network it is likely they will be either sent to colleagues or stored on a cloud for easy collaboration, spreading risky files to every corner of the organization.  

Recommended Glasswall solutions – Clean Room and Desktop 

 

The best defense against file-based threats is Glasswall CDR 

Unlike other security solutions, Glasswall CDR (Content Disarm and Reconstruction) doesn’t rely on detection. Instead, we instantly rebuild every file back to its ‘known-good’ standard, which removes the possibility for file-based threats to reside within a document. We also ensure this standard matches the manufacturer’s specification, which means that, unlike other CDR vendors who use file-flattening, files processed by Glasswall CDR are fully functional for the end user.

At Glasswall we understand that a solution can only be effective if it can offer protection at the right time and the right place. Our range of solutions has been developed to ensure that your organization is protected against file-based threats across the attack vectors that deliver them to your organization.

To find out more, head to www.glasswall.com or follow the links earlier in the document to see which Glasswall CDR solution is best suited to your needs.

 

 
