File names help hackers find what they are looking for

Explicit filenames providing hacker signposts to sensitive data

Enterprise staff are unwittingly helping hackers find documents containing valuable data by using giveaway keywords in file names.

According to the latest edition of the 'Cloud Risk Adoption & Risk Report 2015', published today by Skyhigh Networks, average businesses using file-sharing services upload 6,097 documents with ‘salary’ somewhere in the file name, for example, and 2,217 filenamed ‘confidential’.

The other most commonly-used filename words for sensitive data are 'bonus', 'budget', 'competition', 'passport', 'password', and 'press release'. Hackers are able to use these helpful terms to locate the most valuable data that they can then steal and use for further malicious purposes, or to sell-on. Draft press releases are much sought after because they could contain information that can be used for insider trading.

Across all documents uploaded to file-sharing services, the most common type of sensitive content is confidential company data – business plans, financial records, source code, and trading algorithms – the report claims.

In the report's analysis, a total of 7.6 per cent of documents in file-sharing services contain confidential data. That is followed in percentage terms by personally-identifiable information – Social Security numbers, tax identification numbers, postal addresses, telephone numbers, and so on – at 4.6 per cent of all documents, and payment data – such as credit- and debit card numbers, and bank account numbers – in 2.2 per cent of documents.

Some 1.8 per cent of such documents contain protected health information, such as patient diagnoses, medical treatments, and medical record IDs.

Cyber-criminals are seeking out documents containing company budgets, employee salaries, and Social Security numbers, said Skyhigh Networks' European spokesperson Nigel Hawthorn: “The average organisation stores thousands of such documents in file-sharing services... The hackers' goal is to often disrupt the operations of these companies, or to use this information for financial gain”.

Employees also upload revealingly-named image and PDF copies of personal passports, PowerPoint presentations featuring market intelligence on competitors, Hawthorn said, along with local database files that specify employee salaries.

“HR and legal departments should review the current employee safe computing policy, and ensure that it is up-dated to include the use of cloud computing,” added Hawthorn. “Users need constant reinforcement to ensure that they do not risk their own data – and their employer’s data. We typically find that, sadly, every large organisation has a small percentage of employees who are serial transgressors. A clear policy is needed, backed-up with technology to investigate breaches – and a disciplinary process for the worst cases.”

The report also found that average companies also have hundreds of MSG- and EML-format email files containing sensitive information, exported from programs such as Microsoft Outlook. When exported, their file names usually denote the email subject.

The 'Cloud Risk Adoption & Risk Report' analysed data from 23 million cloud users worldwide, and 16,000 unique cloud services at companies across major industries. These industries included business services, education, energy, financial services, healthcare, high-tech, legal, manufacturing, public sector, real estate, retail, transportation, and utilities.

More information:

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles