Sharing and downloading files, such as documents, programs, pictures, music, and movies is one of the most appreciated aspects of the Internet that we need to do frequently. There are many different ways to share files between users. Some of the most common techniques for storing and distributing files include:
- Removable storage media
- File transfer protocol (FTP) programs
- Peer-to-peer networks
- Online storage websites or file hosting services
Such easy and common use of the Internet can also involve the risks to be aware of, including copyright infringement, expensive lawsuits, and potential criminal consequences. Hackers can attack file sharing applications by infecting files with malware and then getting users to install those infected files in their systems. In addition, some file-sharing apps can even request open ports on a user’s firewall and allow attackers to view your communication. Transferring official files over FTP can leave your data exposed to a number of security attacks such as a brute force attack or packet sniffing because FTP does not provide encryption for data transfer. The followings are some tips for securely sharing and downloading files.
- Ensure HTTPS Always: If the download address is not using HTTPS, the website could be hijacked by hackers easily. At least two techniques here can be used to perform such man-in-the-middle hijacking attacks: DNS hijacking and Backdoor Factory.
- Secure Accounts: Keeping a strong password and enabling Multi-Factor Authentication/2-Factor Authentication are the most necessary steps in reducing the chances of data theft. The passwords must be of at least eight characters and include a combination of numbers, upper and lower case letters.
- Keep Your Security Software Updated: Ensure full protection of your system by keeping your anti-malware software up and running. Before downloading, check that your firewall is enabled. If a P2P program asks you to disable your firewall, it may not be a legitimate P2P program.
- Insist Upon Encryption: If you are sending sensitive information to an authorized party and want your information to be completely safe, always use a medium that offers encryption. Using encryption will scramble the information and make it unreadable to eavesdroppers unless they have the key to decrypt it.
- Check all Details When Installing a P2P Program: When installing a file from a shared network, always clarify what folders on your system will be made public in order to avoid exposing your private data. In addition, always close the program when not in use.
- Follow Secure Email Practices: Never open an attachment from an unknown sender and always scan the files from the trust senders with your anti-malware program before opening it. It may happen that the source is reliable but they themselves may not know that the file is infected.
- Take Precaution with Portable Storage Media: Never connect any portable storage device to your computer if you are not sure of its origin. When connected, always scan the device with your anti-virus or anti-spyware before opening the folder.
If you experience a data breach after accidentally downloading malicious files, LIFARS is here to help you solve the problem! LIFARS’ Incident Response Team handles data breach response and emergency situations with military precision throughout the entire lifecycle of an incident. We report on progress and recommendations for the best course of action for your business continuity to minimize your exposure, reduce threat surface, and enable rapid recovery. Our Incident Response and Digital Forensic highly skilled team of professionals will effectively manage data breach response, examine digital evidence and compromised systems for forensic artifacts of threat actor actions, lateral movement and data exfiltration, including social security numbers, driver licenses, health records, or any other sensitive data. Our skilled investigative team leverages knowledge from previous investigations to better understand an attacker’s lateral movement through an enterprise using attacker exploitation techniques, tactics and procedures (TTPs) and collected set of Indicators of Compromise(IOCs). Communication with executives and board is done on a daily basis.