92% of Organizations Are Threatened Due to Inadequate File Security Best Practices: Report

essidsolutions

Organizations are evidently lackadaisical when it comes to file security in web applications, OPSWAT found. Cybercriminals are always on the prowl for new ways to break the access barrier to organizations, especially in the past year and a half. OPSWAT’s findings indicate most organizations are at risk of being targeted via insecure file uploads to web apps.

According to file transfer cybersecurity vendor OPSWAT, there is a huge gap between organizations’ concern about web application security and the action they take to secure it. OPSWAT’s Web Application Security Report 2021 is based on responses from hundreds of global IT security professionals, the majority of whom expressed deep concerns about cyberattacks from file uploads as a new attack vector, and about the subsequent loss in business or revenue, reputational damage, denial of service (DoS), etc.

Yet, only a handful of all those surveyed have implemented 10 out of the 10 best practices that OPSWAT recommends. The findings are a stark reminder of how organizations can slack off when it comes to the security fabric of their networks despite being aware of the threats at large.

The ramifications of the software supply chain infiltration of the SolarWinds network monitoring software Orion are still fresh. It hasn’t even been a year since Orion was hacked. The application was used by approximately 33,000 organizations, such as the top 10 U.S. telecom carriers, over 425 of the U.S. Fortune 500 companies, all five of the top U.S. accounting firms, and more.

The profundity of the attack – a cyber espionage campaign – can be encapsulated by the fact that it infected nearly 18,000 companies, including:

  • Tech giants Microsoft, Cisco, Intel, VMware, etc.
  • Security companies FireEye, CrowdStrike, etc.
  • Consulting major Deloitte and others.
  • Nine federal government agencies: the departments of treasury, commerce, defense, justice, etc.

What’s more is that the hackers, widely believed to be Russian-origin APT29, remained undetected for months until the malicious operations were exposed.

Cybercriminals had a field day, or rather a field year, in 2020, as the Wuhan virus inflicted havoc globally and culminated in an unprecedented pandemic. Suddenly organizations had to shift to remote work environments, which also increased the attack surface area, now extended to private, unsecured home networks.

Working outside the corporate perimeter exposes vulnerable endpoints. Poor security hygiene also threatens virtual private network (VPN) and remote desktop protocol (RDP) implementations.

Additionally, the use of the internet also surged in line with social distancing measures and lockdown protocols. Telehealth consultations, ecommerce, internet banking, and multiple such use cases gave rise to millions of new phishes in the sea. A report found that 85% of U.S. organizations were victimized by phishing attacks in 2020.

Estimated losses from cybercrime amounted to $4.2 billion in 2020, a 20% jump from $3.5 billion in 2019. Malicious activities slipped over well into 2021, which is noteworthy for some of the biggest ransomware attacks ever perpetrated. Attacks against critical infrastructure are also on the rise. The biggest ones are:

| Company | Ransomware Attacker | Ransom Demand | Month of Incident (2021) |
|---|---|---|---|
| Kaseya | REvil | 70 million | July |
| Acer | REvil | $50 million | March |
| Quanta/Apple | REvil | $50 million | April |
| Accenture | LockBit 2.0 / Insider | $50 million | August |
| CNA Financial | Phoenix Locker | $40 million | May |
| Colonial Pipeline | DarkSide | $4.4 million | May |
| JBS Foods | REvil | $11 million | May |


The Ransomware Threat Report from Unit 42, the threat intelligence arm of Palo Alto Networks, noted how even stopping ransomware is becoming increasingly difficult. The company assessed that the average ransomware payment surged by 82% to $570,000 in H1 2021 compared to 2020. This is after a more than significant 171% rise last year.

Ransomware attacks registered between January and July 2021 are at 84% (2,084) of the total ransomware incidents noted in the whole of 2020 (2,474). At this rate, it is reasonable to expect that this will surpass the previous year’s numbers.

So concerns are a natural reaction. What’s unnatural, however, is the inaction on the part of organizations.

Findings From OPSWAT’s Web Application Security Report

OPSWAT focuses on file uploads through web applications as a possible attack vector. Use cases include form and application submission, file sharing, content collaboration, etc.

The volume of file uploads hovers anywhere between 500 – 5000 for 49% of organizations, while 51% upload over 5000 daily.

Number of Daily File Uploads | Source: OPSWAT

Some web applications that accept file uploads are public clouds such as Microsoft Azure, AWS, Google Cloud Platform, and others; SaaS applications, etc.

File uploads scanning and other best practices

“More than half the organizations surveyed implement five or fewer of the recommended 10 best practices. It should come as no surprise that they are worried about the security of files uploaded to their web applications,” OPSWAT said.

Fully Implemented File Upload Security Best Practices | Source: OPSWAT

Just 7% of organizations that accept file uploads have fully implemented file scanning. 27% have partially implemented it, and 64% do not scan. User authentication fared a bit better (93% full or partial implementation), while almost half (46%) do not check these files for vulnerabilities. Only 30% remove embedded threats.

File Security Best Practices Findings | Source: OPSWAT


Use of antivirus, anti-malware engines, and CDR

Correspondingly, just over two-thirds of organizations leverage antivirus or anti-malware scanning for all file uploads. “The efficacy of antivirus scanning is directly correlated to the number of engines in use because each additional engine increases the chances of detecting a threat. Previous OPSWAT research reveals that scanning with just four (4) antivirus engines only results in a 62.80% detection rate of the top 10,000 threats. Even scanning with eight (8) antivirus engines only results in an 84.58% detection rate.”

| Number of Antivirus Engines | 4 | 8 | 12 | 16 | 20 | 30 |
|---|---|---|---|---|---|---|
| Detection Efficacy | 62.80% | 84.58% | 90.53% | 97.31% | 98.69% | 99.29% |

It is clear that organizations need to deploy at least 30 engines to achieve a 99% detection rate. Unfortunately, a meager 3% have deployed 30 antivirus engines.

Antivirus or Anti-Malware Engine Deployment | Source: OPSWAT

With such a casual approach to detection mechanisms, it is encouraging to see that 35% have implemented prevention through data sanitization techniques such as Content Disarm and Reconstruction (CDR). “CDR deconstructs files into discrete components, removes anything potentially malicious from them, i.e., sanitizes the individual components, and reconstructs them back into a safe-to-consume file without impacting file integrity or functionality,” OPSWAT explained.

Needless to say, there’s still a long way to go. So the fact that 87% of organizations are extremely or very concerned about file uploads indicates an awareness of consequences.

Most concerning consequences of unsecure file uploads

Unsecure File Upload Consequences | Source: OPSWAT

Closing Thoughts

It is obvious that organizations need to transmute concerns into action. Merely knowing about an issue at hand without ramping up efforts won’t protect the organization’s fabric from looming threats. OPSWAT also found that the cybersecurity budgets of 82% of organizations are increasing either substantially or moderately.

So the only question is: will this be enough?

Note: 302 global IT security professionals participated in OPSWAT’s survey for the Web Application Security Report 2021. They were/are in charge of the security of web applications or portals that accept at least 500 file uploads per day at companies with at least 250 employees (25%) and 1,000 employees (75%).
