Protecting file uploads is critical to cyber security

Large enterprises upload a multitude of files to their networks every day. This includes uploads to backup servers, unified communications platforms and websites. But when it comes to uploading files, even large enterprises may be vulnerable.

Unrestricted file uploads leave easy openings for attackers to inject malicious code into business systems and networks. Many attacks start out by trying to infiltrate code into the target system. This is accomplished by the use of file uploads, which then allows hackers to continue with the attack and find ways to execute the malicious code.

The prevalence of these attacks is common and they can have a harmful impact on businesses. Depending on how the application handles the uploaded file and where it is stored, there could be serious repercussions. A complete system takeover, an overloaded file system or database, client-facing attacks, or simple defacement are all potential consequences of cyber attacks.

Protecting networks from malicious file uploads

There are two kinds of problems that may arise. The first is when the application is tricked by file metadata into overwriting a file or storing it in a bad location. The second kind of problem has to do with the size or content of the file. The range of issues in this situation entirely depends on the purpose of the file.

Tech leaders can ensure that their corporate networks are protected from malicious file uploads by adopting the appropriate solutions. To secure their internet connection, emails, and all endpoints, IT teams must take action. Malicious file uploads that wreak havoc on the company network will be less likely with next-generation firewalls that provide comprehensive protection.

Three risks associated with file uploads

There are three major risk areas brought about by file uploads. The first kind attacks your infrastructure and attackers can accomplish this in one of two ways:

1. Uploading a file with the same name and extension as an existing file can overwrite the existing file. Such a file could now be used to launch a server-side attack, shutting down your website or to facilitate the uploading of further malicious files in order to exploit you for ransom.
2. Another way that hackers could target your infrastructure is through malicious content. Files containing an exploit or malware could be used to take control of the server and cause very costly business compromise and reputational damage.

Client-side attacks are the second risk associated with unprotected file uploads. Uploaded files containing exploits, malware, malicious script or macro would be used to infect and gain control of users’ machines.

The third type of attack can stop your services from operating normally. When uploaded files are extremely large and use up a lot of resources on your server, your service could become unavailable or your system or equipment might stop working properly. This might occur if the system receives a large volume of requests that are out of the ordinary.

Ten ways to prevent file upload attacks

Here are ten practices for large enterprises to protect file uploads:

1. Authenticate users - Although it is still possible that a user's machine has been compromised, it is prudent to require user authentication before allowing them to upload a file. Authentication methods range from password to biometric authentication.
2. Scan for malware - Ensure that all files are scanned for malware. Antivirus, malware and spyware protection is provided by advanced security software. Aim to get the highest detection rate and the shortest window of exposure to malware outbreaks.
3. Remove possible embedded threats - Commonly used files like Microsoft Office documents, PDFs and images may contain embedded threats in hidden scripts. These have the ability to evade detection by anti-malware engines. Using the content disarm and reconstitution (CDR) method to remove any embedded threats greatly reduces risk.
4. Check for vulnerabilities in uploaded files - Before uploading, software and firmware files should always be checked for security vulnerabilities.
5. Only allow specific types of files - Limit the types of files that can be uploaded to prevent potentially malicious content from being uploaded to your systems.
6. Verify file types - Verification of these files is recommended in addition to limiting the types of files that are allowed to be uploaded. Files may pretend to be one of the permitted types, when in fact they have merely been renamed as such. Your security measures could easily be tricked into accepting a trojan horse or other virus if they only run checks on file names.
7. Limit length of file names and file sizes - To prevent possible DDoS attacks, it's important to limit the size of uploaded files and set a maximum length for file names.
8. Randomise uploaded file names - Attackers would not be able to identify their files if you altered all uploaded files names randomly.
9. Store uploaded files outside of your web root folder - In order to prevent attackers from executing the file via the assigned path URL, the directory to which files are uploaded should be outside of the website's public directory.
10. Use simple error messages - Do not reveal directory locations, server configuration settings, or other information that attackers can use to access your systems further when displaying file upload errors.

Your business benefits from protecting file uploads

By adopting these measures, you will protect your service from unrestricted file upload attacks, reduce the amount of money your company spends on security and shield both you and your customers from hacks and data leaks that could seriously harm your systems and reputation.

To ensure safe and secure end-to-end security solutions, SEACOM has partnered with industry-leading security experts. Kenyan enterprises can rely on SEACOM's security solutions. For more information or to get a quote for these services, email us at marketing@seacom.com or leave us a message.

SEACOM owns Africa’s largest network of information and communications technology (ICT) infrastructure, including fibre optic networks and subsea cables. We offer a wide range of industry-leading scalable ICT solutions for large companies that operate throughout the region.

SEACOM is privately owned - making it adaptable to the needs of the client. We are the preferred ICT and internet connectivity supplier for African enterprises. We can guarantee fast, reliable and secure internet and networking services at affordable prices.

For‌ ‌more‌ ‌information‌ ‌on‌ these solutions, ‌follow‌ ‌us‌ ‌on‌ ‌‌LinkedIn‌,‌ ‌‌Facebook‌ ‌or‌ ‌‌Twitter.‌ ‌Keep‌ ‌an‌ ‌eye‌ ‌on‌ ‌our‌ ‌‌news‌ ‌section‌‌ ‌for‌ ‌industry news and announcements on African ICT, internet connectivity, cloud services and security solutions.