One Anti-Virus Engine Is NOT Enough


In our latest blog, hear from LoughTec’s Jonathan Adams on why one Anti-Virus engine is not enough to protect your web applications from malicious files.

Thanks for taking the time to read another of my articles. I really enjoy writing these and sharing my thoughts and advice with my wonderful network! Thanks to everyone who engaged and reached out to me following my previous articles.

Today I will be giving my thoughts, some stats and also my advice on preventing cyber-attacks via file upload. This topic is particularly relevant for organisations within the financial and legal sectors.

Sending physical documents seems part and parcel of everyday life. Gone are the days of applying for a loan or car finance physically – rather these are all now done virtually with application forms uploaded via a web portal. This also applies to the B2B world. Sending an invoice? Supplier portal – no post in 2021! Uploading a tender submission? Upload via our portal, and so on.

Organisations use web applications for file uploads because this streamlines their business, making it faster, easier, and less expensive to submit and share documents. However, this productivity and enhanced user experience also opens additional attack vectors into their environment, including the potential for hackers to upload malicious files.


Many common file types, such as word processing documents, photo files, spreadsheets and PDFs, make it easier for malicious actors to hide ransomware, zero-day attacks, and other advanced or targeted malware. Even a simple and innocent photo can easily contain malicious code. A lot of current systems simply cannot detect or stop this threat – hence why we see endless cyber-attack stories on the news every day. It’s a question of when, rather than if.

Here are some key and, quite frankly, worrying stats*. If you are anything like me, you will find stats very informative; they tell a great story:

  • 66% of organisations with a web application for file uploads are concerned about a loss in business or revenue or reputational damage related to unsecure file uploads.
  • 33% of those organisations with a web application for file uploads do not scan all file uploads to detect malicious files and 20% scan with just one anti-virus engine.
  • 65% of organisations with a file upload web portal do not sanitise file uploads with Content Disarm and Reconstruct (CDR) to prevent unknown malware and zero-day attacks.

*Referenced from an OPSWAT Web Application Security Report 2021.

Power Of The Many

The key takeaway, in my opinion: there is clearly genuine concern about the security of file uploads, but a lot of organisations are not following best practices to ensure they have sufficient security, with 53% of organisations interviewed using one or fewer anti-virus engines to scan files uploaded into their network. This is a gaping hole in their cyber security posture. Large organisations can have anywhere from 1,000 to 1,000,000 files being uploaded into their network every day. All it takes is one compromised file among them to infect the entire network.

Here at LoughTec and our partners OPSWAT, we have a mantra that we trust no file, as one AV engine is simply not enough to detect malware threats in files. With one of the common, lower-performing AV engines, you will get a detection rate of 30-40% for the top 10,000 malware threats. The problem here is clear to see – the gate to your network is simply left open! One anti-virus engine is NOT enough!

Together with OPSWAT, we utilise a technology called anti-virus (AV) Multiscanning, which combines the detection ability of 35 AV vendors, such as CrowdStrike and McAfee, and merges them onto one platform, to provide the highest level of threat detection possible. This gives a detection rate of 99.3% of the top 10,000 malware threats. We call this the ‘Power Of The Many’.

In simplistic terms, consider you are going through airport security. One AV engine is the equivalent of a quick check over and allowing you to walk through. AV multiscanning is multiple skilled people scanning you multiple times, going through a bespoke scanning machine and then being personally scanned again. This would result in a much higher detection rate of something the airport doesn’t want to go through security.

My advice is to utilise multiple anti-virus engines to achieve the highest level of threat detection, as I cannot stress enough, one anti-virus engine is simply not enough.
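One way to apply this advice at the upload gate, shown as an added example that is not LoughTec's or OPSWAT's code: aggregate the per-engine verdicts for each uploaded file and fail closed. The engine names, signature label, file names and the `min_engines` threshold are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Verdict(Enum):
    CLEAN = "clean"
    MALICIOUS = "malicious"
    ERROR = "error"  # engine crashed, timed out, or could not parse the file

class Decision(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    QUARANTINE = "quarantine"

@dataclass(frozen=True)
class EngineResult:
    engine: str          # hypothetical engine identifier
    verdict: Verdict
    signature: str = ""  # detection name reported by the engine, if any

def decide(results, min_engines=3):
    """Fail-closed aggregation of per-engine verdicts for one uploaded file."""
    flagged = [r for r in results if r.verdict is Verdict.MALICIOUS]
    completed = [r for r in results if r.verdict is not Verdict.ERROR]
    if flagged:
        # A single detection blocks the file: engines cover each other's
        # blind spots, so this is not a majority vote.
        return Decision.BLOCK, [f"{r.engine}:{r.signature}" for r in flagged]
    if len(completed) < min_engines:
        # Too few engines finished: "no detection" is not evidence of clean.
        return Decision.QUARANTINE, [r.engine for r in results
                                     if r.verdict is Verdict.ERROR]
    return Decision.ALLOW, []

# Constructed sample results; engine names and the signature are placeholders.
R = EngineResult
SAMPLES = {
    "invoice.pdf": [R("engine_a", Verdict.CLEAN), R("engine_b", Verdict.CLEAN),
                    R("engine_c", Verdict.CLEAN)],
    "tender.docx": [R("engine_a", Verdict.CLEAN),
                    R("engine_b", Verdict.MALICIOUS, "Sample.Macro.Dropper"),
                    R("engine_c", Verdict.CLEAN)],
    "photo.jpg": [R("engine_a", Verdict.CLEAN), R("engine_b", Verdict.ERROR),
                  R("engine_c", Verdict.ERROR)],
}

def run_samples():
    """Return the gate decision for each constructed sample upload."""
    return {name: decide(results)[0] for name, results in SAMPLES.items()}

if __name__ == "__main__":
    print(run_samples())
```

With this policy a file that only one engine has reported clean, or that was never scanned, is quarantined instead of being passed into the network.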

Solution

We offer several solutions that utilise this same AV multiscanning technology, to scan files uploaded into your network, to ensure a detection rate of 99.3% of known malware threats coming into your network. When paired with our other technologies including data sanitisation (which removes any active content from within files that could be used to make it a threat), we also achieve protection against unknown threats, ensuring true zero-day prevention. This is how we add value to organisations within the financial and legal sectors. Examples of this include Sage, Landsbankinn, BidX1 and Carne Group.

If you wish to reach out and have a conversation on how AV multiscanning ensures you can trust files uploaded onto your network, or indeed discuss my R8 or EVs, please feel free to DM me, email me on jonathan.adams@loughtec.com or call me on +44 (0) 7775 826 874.
