12 November 2024
How to secure file uploads to business applications with GLIMPS Malware?
From insurance statements and credit applications to job applications and university enrolments, many online procedures are now paperless, requiring users to upload documents to these platforms.
While this procedure may seem harmless, it is not without risk. The upload function is rarely secured, and it can allow a malicious actor to send a booby-trapped file into the business application. In the worst-case scenario, this document is scanned only once it is already stored within the information system, and more often than not by solutions that are inadequate to deal with the new threats.
So what can be done to contain these malicious acts? What are the risks associated with file uploads? Why aren’t business applications sufficiently protected? And how does GLIMPS Malware ensure security at this stage?
Infected files, a popular attack vector for cybercriminals
In the collective imagination, Word documents, PDFs and Excel spreadsheets are often perceived as commonplace and harmless. In reality, however, these files are regularly used as attack media by cybercriminals.
According to a study dating from 2023, no fewer than 411,000 malicious files are sent every day in the form of Microsoft Office documents or PDFs. This represents an increase of almost 3% over the previous year.
For example, an employee of an insurance company who downloads a PDF from his or her business application may, when prior security checks are absent or insufficient, unwittingly end up with a document containing hidden executable code that could infect his or her workstation.
This situation raises the question of web application security.
Business applications are not sufficiently protected
In the insurance industry, claims are generally made online. The policyholder is asked to upload the supporting documents required to build up the file. These files are directly integrated into the company’s information system, and can then be processed by the operators.
For Cédric GIBERT, Product Director at GLIMPS, this procedure poses a number of risks: “It’s not uncommon to find that files are stored without being checked, and are only subjected to a virus detection scan after the fact. This means that the danger is already present in the document space, posing serious security problems in the event of mishandling.”
In the best-case scenario, an antivirus solution performs a check before files are downloaded. While this is a good practice, in reality, traditional antivirus software offers no real protection against advanced threats.
An alternative approach is to use a web application firewall (WAF), which supervises API calls and HTTPS requests. Unfortunately, the problem here is the same. Many WAFs on the market integrate traditional antivirus software, which remains incapable of detecting the most advanced threats, such as polymorphic and 0-day malware.
This problem is also encountered in the healthcare sector. The transfer of patient files between different information systems, such as those used by ambulance services or private clinics, is often not sufficiently secure. Each uses its own business applications to manage these files.
Often, these business applications are old and were developed for internal use, where security was not a priority. The main objective was to ensure the smooth exchange of information. Today, particularly in hospitals, it is necessary to have these information systems certified. This certification procedure can be problematic, especially in the case of programs developed more than ten years ago, which may no longer be maintained.
The question then arises: what can be done to protect environments suffering from significant technological debt?
GLIMPS Malware secures the process of sending files to business applications
To meet these challenges, GLIMPS Malware offers advanced detection capabilities thanks to Artificial Intelligence and Deep File Inspection, a mechanism for detecting malicious elements hidden within a file.
GLIMPS Malware thus acts as a first filter for all files arriving from the business application, and does so automatically.
Another advantage is that, while antivirus scans can be slow, the GLIMPS Malware API analyzes and delivers a verdict in just three seconds, which is perfectly compatible with the user experience expected when submitting a file. In comparison, more cumbersome solutions such as sandboxes typically require several minutes to analyze a file.
To facilitate integration, GLIMPS Malware offers Python and Go (Golang) libraries in its official GitHub repositories, making it easier to query its API.
The advantage of the Python library lies in its ease of integration. It makes it possible to add a software component that automatically detects the file, submits it to the API for analysis, and waits for the verdict before transferring it to the target server.
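The flow described above (hold the file, submit it, wait for the verdict, only then transfer it) can be sketched as follows. This is an added example, not code from GLIMPS or its libraries: `submit`, `get_verdict`, the verdict strings and `FakeScanner` are hypothetical stand-ins for a real API client, and the sample bytes are constructed.

```python
import shutil
import time
import uuid
from pathlib import Path

class UploadRejected(Exception):
    """The file must not reach the target storage."""

def gate_upload(data, filename, quarantine, target, submit, get_verdict,
                timeout=10.0, poll=0.05):
    """Hold an upload in quarantine until the scanner says "clean".
    submit(path) -> job id; get_verdict(job) -> "clean", "malicious" or None
    (still running). Both are hypothetical stand-ins for the API client.
    Errors, timeouts and non-"clean" verdicts reject the file (fail closed)."""
    safe_name = Path(filename).name  # drop client-supplied directory parts
    if safe_name in ("", ".", ".."):
        raise UploadRejected("invalid file name")
    quarantine.mkdir(parents=True, exist_ok=True)
    target.mkdir(parents=True, exist_ok=True)
    held = quarantine / f"{uuid.uuid4().hex}.upload"  # never the client's name
    held.write_bytes(data)
    try:
        job = submit(held)
        deadline = time.monotonic() + timeout
        verdict = get_verdict(job)
        while verdict is None and time.monotonic() < deadline:
            time.sleep(poll)
            verdict = get_verdict(job)
    except Exception as exc:
        held.unlink(missing_ok=True)
        raise UploadRejected(f"scanner error: {exc}") from exc
    if verdict != "clean":
        held.unlink(missing_ok=True)
        raise UploadRejected(f"verdict: {verdict or 'timeout'}")
    dest = target / f"{held.stem}_{safe_name}"  # unique, so no overwrite
    shutil.move(str(held), str(dest))
    return dest

class FakeScanner:
    """Constructed stand-in for the analysis service (demo only)."""
    def __init__(self, polls_before_verdict=2):
        self.jobs, self.polls = {}, polls_before_verdict
    def submit(self, path):
        bad = b"CONSTRUCTED-BAD-MARKER" in Path(path).read_bytes()
        self.jobs[len(self.jobs)] = [self.polls, "malicious" if bad else "clean"]
        return len(self.jobs) - 1
    def get_verdict(self, job):
        self.jobs[job][0] -= 1
        return self.jobs[job][1] if self.jobs[job][0] < 0 else None
```

The quarantine directory should sit outside any path the business application serves or indexes, so that a file awaiting its verdict is never reachable by operators.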
The GLIMPS Malware solution is available in SaaS (Software as a Service) mode, or can be deployed on site (on-premise). It can be hosted on the customer’s own infrastructure or in the cloud.
If you would like to find out more, please contact our sales team.