What are File-Based Threats?

Feb 24, 2022 | Thought leadership

The nature of modern digital communication means that organizations create and share files in their billions on a daily basis. As such, they have become one of the ‘go to’ attack vectors used by cybercriminals and nation-state adversaries to gain access to networks, distribute malware or initiate ransomware attacks.

The risks are well known, with cyber hygiene and security training focusing on the need for user vigilance. Yet, our collective reliance on documents and files is so embedded into working culture that mistakes are inevitable.

What’s more, bad actors have become increasingly skilled in delivering email attachments that appear entirely genuine. As a result, organizations fall victim to cyberattacks that no amount of training can hope to prevent.

These risks are amplified by the inherent limitations of reactive security technologies – such as antivirus and sandboxing solutions – where new malicious content can remain undetected for up to 18 days before the tools are updated.

In contrast, Glasswall delivers proactive protection against file-based threats, safeguarding organizations from malware that can fly under the radar of legacy protection tools.

Our Content Disarm and Reconstruction (CDR) technology instantly cleans and rebuilds files (PDF, Excel, etc.) to match their ‘known good’ manufacturer’s specification – automatically removing potential cyber threats. This simple approach ensures every document entering or leaving the organization is safe, without sacrificing productivity, meaning users can trust every file.

Glasswall CDR addresses the five core categories of risk faced by organizations in their daily use of files:

1. Structural Deviations

Structural deviations are differences in how a file is composed, compared to that file type’s ‘known good’ specification. They represent a significant risk as malicious code can be hidden within.

How Glasswall Addresses Structural Deviations

Glasswall regenerates files to the safe standard of ‘known good,’ enforcing the format’s structural specification. Here’s how:

  1. Glasswall validates each structure in a file against its specification. Any that fail validation are marked non-conforming. 
  2. Glasswall performs remediation on these non-conforming structures, bringing them back into line.
  3. Glasswall rebuilds the file with its structures in the new compliant and standardized form.
  4. Any malware that is hidden or obfuscated in the file structure has been disarmed, destroyed or removed.

2. Active Content

Active content is extra functionality in a file that can perform actions on end users’ machines, such as macros, JavaScript and embedded files. It is frequently exploited to trigger malicious activity.

In particular, high-risk active content is delivered in a number of formats, including:

  • Macros & JavaScript are forms of active code, which may be benign in nature, but all too often are used by bad actors to mount an attack against the user or receiving system when expressed in a business document.
  • Dynamic Data Exchange (DDE) within Microsoft documents is known to present risk as the protocol may be used to execute malicious code on the recipient’s computer.
  • Embedded objects within files may present a risk if they provide a way for active code to be triggered, or to hide data within a document.
  • An ‘Acrobat Form’, in addition to looking like a form, may also contain active code (e.g. JavaScript) which could be malicious. Acrobat Forms can also be used to hide objects inside other objects.
  • An action within a PDF is designed to make the document dynamic and may be benign in nature. However, an attacker may use the action to trigger active code (e.g. JavaScript) or to send data to a URL. The functionality can be misused to cause harm to the recipient.
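The categories above leave recognizable markers in the file, so a defender can triage for them before a file reaches users. The following is an added example, not Glasswall's code and not a description of how its CDR engine works: it only flags active content in PDF and Office Open XML files, and the function names, marker list and sample inputs are constructed for illustration.

```python
import io
import re
import zipfile

PDF_MARKERS = {  # PDF name tokens for the categories listed above
    "/JavaScript": "JavaScript", "/JS": "JavaScript", "/AcroForm": "Acrobat form",
    "/OpenAction": "action", "/AA": "action", "/Launch": "action",
    "/SubmitForm": "action", "/EmbeddedFile": "embedded object",
}
# Word DDE field instruction or Excel DDE link element (heuristic match).
DDE_RE = re.compile(rb"\bDDE(AUTO)?\b|<ddeLink")

def scan_pdf(data: bytes) -> set:
    # Names can hide behind #xx hex escapes (/J#61vaScript), so decode first.
    decoded = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m[1], 16)]), data)
    return {label for name, label in PDF_MARKERS.items()
            if re.search(re.escape(name.encode()) + rb"(?![A-Za-z0-9])", decoded)}

def scan_ooxml(data: bytes) -> set:
    found = set()
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            low = name.lower()
            if low.endswith("vbaproject.bin"):
                found.add("macro")            # VBA project storage
            elif "/embeddings/" in low:
                found.add("embedded object")  # OLE objects and nested files
            elif low.endswith(".xml") and DDE_RE.search(z.read(name)):
                found.add("DDE")
    return found

def find_active_content(data: bytes) -> set:
    if data.startswith(b"%PDF-"):
        return scan_pdf(data)
    return scan_ooxml(data) if data.startswith(b"PK\x03\x04") else set()

# Constructed samples with harmless placeholders, no real payloads.
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction "
              b"<< /S /J#61vaScript /JS (placeholder) >> >>\nendobj\n")

def build_sample_docx() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:instrText>DDEAUTO placeholder</w:instrText>")
        z.writestr("word/vbaProject.bin", b"constructed")
    return buf.getvalue()

if __name__ == "__main__":
    for sample in (SAMPLE_PDF, build_sample_docx()):
        print(sorted(find_active_content(sample)))
```

Raw-byte matching does not see PDF objects stored inside compressed object streams, so an empty result means "nothing found", not "clean".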

How Glasswall Addresses Active Content

Active content is removed from files by applying policies, restricting these features to only those users who need them for specific business reasons. This means that users are not exposed to unnecessary risks from active content.


3. Legacy Office Formats

Legacy Office formats have a larger number of known vulnerabilities, which are still being exploited today.

For instance, the first version of Word, released in 1983, was for the MS-DOS operating system. It initially implemented the .doc format, but Word 2007 deprecated this format in favor of Office Open XML (.docx, .xlsx and .pptx).

Legacy binary .doc, .xls or .ppt files are an unnecessary risk for any organization. There’s no reason to use these old file types when the far safer XML formats have been available for over a decade.

How Glasswall Addresses Legacy Office Formats

Glasswall regenerates binary Office files to the safe standard of ‘known good,’ enforcing the format’s structural specification and eradicating high-risk active content, mitigating the risk from legacy Office formats. 

4. High-Risk File Types

File types are deemed high risk if there are malware examples within the Glasswall Threat Intelligence data set. Examples include .html & .exe file types. These are more likely to be used for malicious purposes by attackers than by authorized users for legitimate purposes.

How Glasswall Addresses High-Risk File Types

Glasswall provides visibility and tooling to control which file types can enter the organization. As a result, users only receive file types compliant with corporate policy.
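A file-type policy is only as reliable as the way the type is identified. The following added example (not Glasswall's tooling) decides from file content rather than the file name, blocking legacy binary Office containers and executables and rejecting files whose extension does not match their content; the `POLICY` allowlist, function names and sample inputs are hypothetical.

```python
import io
import os
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # container of binary .doc/.xls/.ppt

def sniff(data: bytes) -> str:
    """Identify the type from content; the file name is attacker-controlled."""
    if data.startswith(OLE2_MAGIC):
        return "legacy-office"
    if data.startswith(b"MZ"):
        return "exe"
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if "[Content_Types].xml" in z.namelist():
                    return "ooxml"
        except zipfile.BadZipFile:
            pass
        return "zip"
    if data[:512].lstrip().lower().startswith((b"<!doctype html", b"<html")):
        return "html"
    return "unknown"

# Hypothetical corporate policy: allowed content types and their extensions.
POLICY = {"ooxml": {".docx", ".xlsx", ".pptx"}, "pdf": {".pdf"}}

def decide(filename: str, data: bytes) -> tuple:
    kind = sniff(data)
    ext = os.path.splitext(filename)[1].lower()
    if kind not in POLICY:
        return ("block", f"content type '{kind}' is not allowed")
    if ext not in POLICY[kind]:
        return ("block", f"extension '{ext}' does not match content '{kind}'")
    return ("allow", kind)

def build_sample_ooxml() -> bytes:  # constructed minimal package
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
    return buf.getvalue()

if __name__ == "__main__":
    print(decide("report.docx", build_sample_ooxml()))
    print(decide("report.doc", OLE2_MAGIC + bytes(504)))
    print(decide("invoice.pdf", b"MZ" + bytes(62)))
    print(decide("notes.docx", b"%PDF-1.7\n"))
```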

5. Identified Malware

Malware is software that’s intentionally been created to cause harm. Glasswall’s Threat Intelligence confirms when files have been identified as malware.

File-based threats and zero-trust

As organizations act to address changing security vulnerabilities, cybercriminals shift tactics in an effort to stay ahead. As a result, there has been significant growth in the adoption of zero-trust security – an approach that sees the world differently from other approaches to cybersecurity. In this context, no one is trusted by default, regardless of whether they are inside or outside a network because, without it, attackers can have unrestricted access across a network once they are inside.

Adding a Content Disarm and Reconstruction (CDR) capability to the cybersecurity stack plays a vital role in a rounded zero trust cybersecurity strategy, particularly in the fight against malicious file uploads. As recently highlighted by Gartner, “Restrict the file types to the minimum required. For allowed file types, there are essentially four options to limit the risk of malware upload: CDR provides the highest security.  Done well, CDR removes all threats from uploaded files without adding significant latency. Since it does not depend on the detection of known threats, it can even protect against completely new attack types.”

Further information: 

To read more about file-based vulnerabilities and Glasswall CDR, visit our website.
