Support 100 years of independent journalism.

Advertorial feature by Clearswift
  1. Spotlight
  2. Cyber
26 April 2019updated 08 Sep 2021 3:42pm

Understanding cyber security’s bigger picture

Digital imaging is providing a new threat landscape that needs to be dealt with.

By Dr Guy Bunker

Cyber criminals are becoming increasingly creative in delivering sophisticated attacks through innocuous-looking documents, email messages, social media and even text messages. Their latest threat vector, however, is everyday digital image files: PDF, .JPG, .PNG and so on. These are becoming the delivery source of targeted Advanced Persistent Threats (APTs) on the way in, and tools for concealing critical information on the way out.

Traditional Data Loss Prevention (DLP) solutions provide basic protection against the traditional threat of someone trying to send a file to an unauthorised individual. Today, data loss prevention requires a step change. Advanced Deep Content Inspection (DCI) of email messages, attachments and web upload/downloads is required to detect sophisticated threats such as ransomware which is embedded in documents and images. Once detected, Clearswift’s Adaptive Redaction technology – developed to modify the content of files on-the-fly – can be used to redact only the malicious or sensitive data.

We often don’t give images a second thought; they are in presentations and documents all the time, but what sorts of risks can they pose? These days the multi-function printer enables remote printing, standard photocopying and the ability to scan and send to an email. When the device scans the document, it typically creates a PDF, but each page in the document is actually an image. These images are not picked up with traditional DLP solutions.

Clearswift has a number of new innovative features which combat this next-generation data loss risks through images. Optical Character Recognition (OCR) is a technique for analysing images and extracting the text, such as it can be processed like a normal electronic document using DLP functionality.

This issue is not restricted to scanned documents; other techniques such as screenshots can also be used to turn critical information into an image, but OCR enables them to be analysed and DLP will prevent data leaks. A further enhancement to OCR enables redaction of text in images. Images can also be used to “hide” information. Some of this can be found in the document properties, for example geographical co-ordinates as to where the picture was taken.

Sign up for The New Statesman’s newsletters Tick the boxes of the newsletters you would like to receive. Quick and essential guide to domestic and global politics from the New Statesman's politics team. The New Statesman’s global affairs newsletter, every Monday and Friday. The best of the New Statesman, delivered to your inbox every weekday morning. The New Statesman’s weekly environment email on the politics, business and culture of the climate and nature crises - in your inbox every Thursday. A handy, three-minute glance at the week ahead in companies, markets, regulation and investment, landing in your inbox every Monday morning. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A newsletter showcasing the finest writing from the ideas section and the NS archive, covering political ideas, philosophy, criticism and intellectual history - sent every Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.

This information can be used to identify locations and there have been several incidents with military personnel leaking information through these means. Document Sanitisation is a technique to remove document properties to prevent that mechanism of inadvertent data loss.

Content from our partners
How automation can help telecoms companies unlock their growth potential
The pandemic has had a scarring effect on loneliness, but we can do better
Feel confident gifting tech to your children this Christmas

However, images can also be used to hide information, with a technique called steganography. This is where tools can be used to subtly change the image, such that, to the naked eye, there is no visible difference, and then used to exfiltrate data.

Anti-steganography functionality will disrupt the image, so that no data can be extracted. Steganography is used in bot nets to communicate on the inbound traffic flow, the same anti-steganography techniques can be used to disrupt that communication channel to keep the organisation safe. Images are often overlooked, but the next generation of threats has emerged and is using them.

Dr Guy Bunker is chief technology officer at Clearswift.