Protecting file uploads is critical to cyber security

December 09, 2022


On a daily basis, large enterprises upload a multitude of files to their networks. This includes uploads to websites, servers and unified communications platforms. But even large organisations can experience vulnerabilities when it comes to transferring files.

Unrestricted file uploads can sometimes leave openings for attackers to inject malicious code into business systems and networks. The repercussions can be serious and depend on what the application does with the uploaded file and where it is stored. Cyber attacks may result in a complete system takeover, an overloaded database, client-facing attacks, or simple defacement.

Protecting networks from malicious file uploads

There are two kinds of problems that may arise. The first is when the file metadata tricks the application into overwriting the file or storing it in a bad location. The other problem is with the file size or the content itself. In this case, the range of issues depends on what the file is used for.

By adopting the appropriate solutions, tech leaders can ensure their corporate networks are protected from malicious file transfers. IT teams should secure their internet connections, including emails and all endpoints. Next-generation firewalls that offer comprehensive protection can also help to reduce the risk of malicious file uploads.

Three risks associated with file transfers

There are three major risk areas created by file uploads. The first kind attacks your infrastructure and there are two ways in which attackers can accomplish this:

  1. Uploading a file with the same name and extension as an existing file can overwrite the existing one. Such a file could then be used to launch a server-side attack that shuts down your website, or to facilitate the uploading of further malicious files in order to hold your data to ransom.
  2. Hackers could target your IT infrastructure through malicious content. Files containing an exploit or malware could be used to take control of the server and cause costly reputational damage.

The second risk associated with unprotected file uploads is client-side attacks. Uploaded files containing exploits, malware, malicious scripts or macros could be used to infect and gain control of users’ machines.

The third type of attack could cause a disruption to your services. When uploaded files are extremely large (resulting in high consumption of your server’s resources), your service could become unavailable, or your system may fail to function in the normal way.

Malware could land up on your laptop, which could later contribute to a distributed denial-of-service (DDoS) attack.

Cyber criminals can store a specific piece of malware on a device and leave it dormant on a host’s machine. Then further down the line, they "activate" the malware through a command to target a source IP. DDoS attacks also pose a huge risk to public institutions and state-owned entities. Enterprises should ensure they have suitable DDoS protection as part of their cyber security portfolio.

Ten ways to prevent file upload attacks

Here are ten practices for large enterprises and SMEs to protect file uploads:

  1. Authenticate users - Although this does not rule out the possibility that a user’s machine has been compromised, it is prudent to require users to authenticate themselves before uploading a file. Methods of authentication vary from password to biometric authentication.
  2. Scan for malware - Ensure that all files are scanned for malware. Advanced security software can protect against viruses, malware and spyware. Aim to get the highest detection rate and the shortest window of exposure to malware outbreaks.
  3. Remove possible embedded threats - Commonly used files like Microsoft Office documents, PDFs and images may contain embedded threats in hidden scripts. These can avoid detection by anti-malware engines. Removing possible embedded threats by using a method called content disarm and reconstitution (CDR) greatly reduces risk.
  4. Check for vulnerabilities in uploaded files - Software and firmware files should always be checked for weak spots before they are uploaded.
  5. Only allow specific types of files - Prevent potentially malicious content being uploaded to your systems by limiting the types of files allowed for upload.
  6. Verify file types - In addition to restricting the types of files that are permitted to be uploaded, these files should also be verified. Files may pretend to be one of the permitted types, when in fact they have merely been renamed as such. If your security measures only run checks on file names, they could easily be deceived into accepting a trojan horse or other virus.
  7. Limit length of file names and file sizes - Ensuring that you set a maximum length for file names and limiting the size of file uploads is vital to rule out possible DDoS attacks.
  8. Randomise uploaded file names - Attackers would not be able to identify their files if you altered all uploaded file names randomly.
  9. Store uploaded files outside of your web root folder - The directory to which files are uploaded should be outside of the website’s public directory so that the attackers cannot execute the file via the assigned path URL.
  10. Use simple error messages - When displaying file upload errors, do not include directory paths, server configuration settings or other information that attackers could potentially use to gain further entry into your systems.
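
As an added illustration (not SEACOM's code), the sketch below combines practices 5 to 10 in one upload handler: an allow-list of types, a check of the file's leading bytes against its claimed extension, name and size limits, a random stored name, a storage directory outside the web root, and a generic error message. The limits, the allowed types and the names store_upload and UploadRejected are assumptions chosen for the example.

```python
import os
import secrets
import tempfile
from pathlib import Path

MAX_BYTES = 5 * 1024 * 1024   # assumed size limit (practice 7)
MAX_NAME_LEN = 100            # assumed file-name length limit (practice 7)
# Allowed extensions and the leading bytes each must start with (practices 5, 6)
SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
}
GENERIC_ERROR = "Upload rejected."  # no paths or server details (practice 10)

class UploadRejected(Exception):
    """Carries a generic message for the user; the reason is for server logs."""
    def __init__(self, reason):
        super().__init__(GENERIC_ERROR)
        self.reason = reason

def store_upload(client_name: str, data: bytes, upload_dir: Path) -> Path:
    """Validate an upload and write it under upload_dir with a random name."""
    if not 0 < len(client_name) <= MAX_NAME_LEN:
        raise UploadRejected("bad file-name length")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    ext = os.path.splitext(client_name)[1].lower()
    if ext not in SIGNATURES:
        raise UploadRejected("extension not allowed")
    if not data.startswith(SIGNATURES[ext]):
        raise UploadRejected("content does not match extension")
    # The client-supplied name never reaches the file system, so it cannot
    # overwrite an existing file or steer the storage location (practice 8).
    target = upload_dir / (secrets.token_hex(16) + ext)
    with open(target, "xb") as fh:  # "x" refuses to overwrite
        fh.write(data)
    return target

def demo():
    # Constructed inputs; the temp dir stands in for a directory outside
    # the web root (practice 9).
    upload_dir = Path(tempfile.mkdtemp())
    ok = store_upload("report.pdf", b"%PDF-1.7\n...", upload_dir)
    try:
        store_upload("photo.png", b"MZ\x90\x00 renamed file", upload_dir)
        renamed = "accepted"
    except UploadRejected as exc:
        renamed = (str(exc), exc.reason)
    return ok, renamed
```

Malware scanning and content disarming (practices 2 and 3) would run on the stored file before it is released to users; they are outside this sketch.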

Protecting file uploads benefits your business

Adopting these measures will protect your service from unrestricted file upload attacks, optimise your company’s security expenditure and protect you and your customers from hacks and data leaks.

SEACOM Business has partnered with industry-leading security experts to ensure safe, end-to-end IT solutions. From secure internet connections and hosted email to endpoint protection and firewalls, our security solutions have South African enterprises covered. For more information or to get a quote for our cyber security solutions, email us at marketing@seacom.com or leave us a message.


SEACOM owns Africa’s most extensive network of information and communications technology (ICT) infrastructure, including subsea cables and secure internet connections. We offer a diverse range of flexible, scalable and high-quality solutions for businesses that meet world-class standards for connectivity.

SEACOM is privately owned and operated, making it agile and adaptable to the needs of the customer. This makes us the preferred ICT and internet connectivity partner for African businesses and peripheral service providers. We can guarantee high-speed, low-latency and secure internet connections to corporates and small enterprises.

For more information on our internet and voice solutions, follow us on LinkedIn, Facebook or Twitter. Keep an eye on our news section for insightful articles and relevant news stories on African ICT, internet connectivity and our leading cloud and security solutions.

Need internet for your home? Our subsidiary, WonderNet, brings fast and cost-effective broadband internet to all Africans with a fibre-to-the-home offering.
