Browser File Upload Threats – Cybercrime

Are your file uploads opening the door to hackers?

One of the most basic rules of cybersecurity is “be careful what you download”, but now there’s a new risk for computer users: dangerous uploads.

As browsers become more sophisticated, encrypted uploads are taking place in applications like Chrome – and true to form, cybercriminals are finding ways to exploit this movement of data to put critical company and personal files at risk.

Let’s explore the technical aspects making it possible for criminals to intercept uploads and go over some safety protocols that businesses can implement to protect their files.

Hackers exploit sophisticated browsers like Chrome

If you’ve been using the Internet longer than 10 years, you probably remember how primitive the first web browsers were. We’ve come a long way since Netscape Navigator – with the latest version of Chrome featuring automatic translation, productivity tools, and upload functionalities.

But it’s this last feature that’s presenting a problem to cybersecurity experts now as hackers exploit File System Access Application Programming Interface technology – or API – to steal data.

  • File system API is a type of code that allows web browsers like Chrome and Microsoft Edge to access the internal files on your computer.
  • This allows you to upload files more easily but is also resulting in interception by cyber criminals.

Unknowingly, internet users could find themselves becoming victims of ransomware as hackers intercept their uploads and gain access to important company files. A simple photo upload for editing using a friendly looking online editing tool can enable access for a hacker to your files and subfolders.

Given that more than 60% of the internet uses Chrome, that equates to several billion potential victims across the world.

Apple Safari users may not need to worry about this specific threat – or not yet anyway – but the popularity of Windows computers in many workplaces around South Africa means that a fair chunk of local businesses may be susceptible to this type of attack.

As with many cybersecurity issues, companies that aren’t aware of the threat and continue to use Chrome for uploads on a “business as usual basis” may be the worst affected.

Is it time to call a ban on uploads?

The best approach that companies can take is to prohibit uploads as a matter of policy while educating employees about the risks of uploading files online.

This is an essential first step which will help to increase compliance and boost data security overall.

Encrypted backup applications and file storage systems like Google Drive may be exceptions to the rule, with tightly controlled access privileges being standard practice.

Secure cloud storage has never been more important

The ongoing risk of cyberattacks highlights the need for secure cloud storage in every organisation.

Our range of encrypted backup solutions for companies of all sizes provide a turnkey solution that can help to ensure reliable data protection for your business.