Support 100 years of independent journalism.

Advertorial feature by Clearswift
  1. Spotlight
  2. Cyber
26 April 2019updated 08 Sep 2021 3:42pm

Understanding cyber security’s bigger picture

Digital imaging is providing a new threat landscape that needs to be dealt with.

By Dr Guy Bunker

Cyber criminals are becoming increasingly creative in delivering sophisticated attacks through innocuous-looking documents, email messages, social media and even text messages. Their latest threat vector, however, is everyday digital image files: PDF, .JPG, .PNG and so on. These are becoming the delivery source of targeted Advanced Persistent Threats (APTs) on the way in, and tools for concealing critical information on the way out.

Traditional Data Loss Prevention (DLP) solutions provide basic protection against the traditional threat of someone trying to send a file to an unauthorised individual. Today, data loss prevention requires a step change. Advanced Deep Content Inspection (DCI) of email messages, attachments and web upload/downloads is required to detect sophisticated threats such as ransomware which is embedded in documents and images. Once detected, Clearswift’s Adaptive Redaction technology – developed to modify the content of files on-the-fly – can be used to redact only the malicious or sensitive data.

We often don’t give images a second thought; they are in presentations and documents all the time, but what sorts of risks can they pose? These days the multi-function printer enables remote printing, standard photocopying and the ability to scan and send to an email. When the device scans the document, it typically creates a PDF, but each page in the document is actually an image. These images are not picked up with traditional DLP solutions.

Clearswift has a number of new innovative features which combat this next-generation data loss risks through images. Optical Character Recognition (OCR) is a technique for analysing images and extracting the text, such as it can be processed like a normal electronic document using DLP functionality.

This issue is not restricted to scanned documents; other techniques such as screenshots can also be used to turn critical information into an image, but OCR enables them to be analysed and DLP will prevent data leaks. A further enhancement to OCR enables redaction of text in images. Images can also be used to “hide” information. Some of this can be found in the document properties, for example geographical co-ordinates as to where the picture was taken.

Sign up for The New Statesman’s newsletters Tick the boxes of the newsletters you would like to receive. Quick and essential guide to domestic and global politics from the New Statesman's politics team. The New Statesman’s global affairs newsletter, every Monday and Friday. The best of the New Statesman, delivered to your inbox every weekday morning. A handy, three-minute glance at the week ahead in companies, markets, regulation and investment, landing in your inbox every Monday morning. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A weekly dig into the New Statesman’s archive of over 100 years of stellar and influential journalism, sent each Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy

This information can be used to identify locations and there have been several incidents with military personnel leaking information through these means. Document Sanitisation is a technique to remove document properties to prevent that mechanism of inadvertent data loss.

However, images can also be used to hide information, with a technique called steganography. This is where tools can be used to subtly change the image, such that, to the naked eye, there is no visible difference, and then used to exfiltrate data.

Anti-steganography functionality will disrupt the image, so that no data can be extracted. Steganography is used in bot nets to communicate on the inbound traffic flow, the same anti-steganography techniques can be used to disrupt that communication channel to keep the organisation safe. Images are often overlooked, but the next generation of threats has emerged and is using them.

Dr Guy Bunker is chief technology officer at Clearswift.