Calling CISOs: Can you really trust a PDF document containing a Digital Signature based on Script?
The challenge: Today many official documents arrive at an organization by Email in PDF format. Some of them are digital invoices received by the finance department, which by law need to be signed digitally and stored for years.
The embedded Digital Signature is meant to authenticate two things:
- That the identity of the document signer is known and trusted, via the signer's certificate
- That the document has not been modified since the signature was applied.
The recipient of the signed document needs to perform these checks manually (a step that is generally skipped) before the document is stored digitally for years, as the relevant law requires.
Consider the infinite possibilities for malicious code entering the network, and the gaping hole it leaves for cyber-attacks to be perpetrated.
Although the Digital Signature is added for security reasons, inserting it adds Script to the PDF file. Script is a known feature of PDF files, just as the Macro is a feature of Microsoft Office files. Script and Macro were developed as useful, legitimate features, but today they are abused by attackers as the trigger for modern attacks such as file-encrypting Ransomware.
When the recipient of a digitally signed PDF document opens it and asks to check the embedded digital signature manually, he actually runs an embedded Script, and all of this happens before the recipient can even be sure who the real signer of the document is.
This should worry every CISO in any organization that receives digitally signed documents and brings them into its secured network. Each and every Digital Signature is sophisticated content that needs to be checked very carefully.
Response: The common content filter systems currently on the market, including those intended to prevent the insertion of malicious content (such as Anti-Virus, Sandboxes, Firewalls, Mail-Relays etc.), in most cases do not include these checks as part of their solution. Most have no response for filtering Scripts and Macros, while some of those that do offer a response against Scripts and Macros merely block the documents concerned, damaging business continuity and preventing necessary documents such as invoices from reaching their destination. Some of those security systems offer to remove the Script from the document file, which in practice prevents the signature from being authenticated, at least manually.
As we can see, most filtering systems prevent secure authentication of the digital signature (signer identity and document originality), and in addition do not perform the Script check themselves before the user opens the file.
Clearly the security mission in this case is to authenticate the Digital Signature before the document is opened, and not after it has already imported a threat into your network.
Do you prefer to verify it at the gateway before it enters the network, or would you prefer to rely on the current techniques and allow it into your network, when it will be too late?
YazamTech is an innovator of a comprehensive cyber security range of File Stream Filtering solutions to prevent infected file streams (such as Emails) from entering the customer networks, either by blocking the infected file streams, or by actively sanitizing them before their entrance.
Our product SelectorIT (https://yazamtech.com/selectorit) provides the ability to: Analyse the original data files, Remediate their content and Synthesize clean new files.
As a security response against the Digital Signature threat in PDF files, SelectorIT contains unique abilities against these risks: 1) Performing static analysis of Scripts and Macros without executing them, 2) Checking the Digital Signature's validity against its Certificate, and 3) Checking the document's originality.
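As an added illustration of what a pre-open static check of this kind looks like (example code written for this page, not YazamTech's code, and no claim about how SelectorIT works internally), the following Python scans raw PDF bytes for active-content names without executing anything, and checks that each signature's /ByteRange covers the whole file, since bytes appended after the signed range mean the document the reader sees may differ from what was signed. The sample PDF skeleton is constructed for the demo; cryptographic validation of the PKCS#7 blob against its certificate needs a dedicated library and is outside this snippet.

```python
import re

# Constructed sample (not a real signed PDF): a minimal skeleton holding a
# signature dictionary and a JavaScript open action, to exercise the scanner.
SAMPLE_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R /AcroForm << /SigFlags 3 >> >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /Type /Sig /Filter /Adobe.PPKLite /SubFilter /adbe.pkcs7.detached /ByteRange [0 120 220 300] /Contents <00> >> endobj
4 0 obj << /S /JavaScript /JS (app.alert('hello')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Names that make a viewer run code or take other active steps when the file
# is opened. Matched as whole names so /JS does not fire on /JavaScript etc.
SCRIPT_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
                b"/Launch", b"/RichMedia", b"/EmbeddedFile")

BYTE_RANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def find_script_indicators(data: bytes) -> list:
    """Return the active-content names present in the raw bytes, never executing them.
    Caveat: names inside compressed object streams are not visible to a raw scan."""
    return [n.decode() for n in SCRIPT_NAMES
            if re.search(re.escape(n) + rb"(?![A-Za-z])", data)]


def check_signatures(data: bytes) -> list:
    """For each /ByteRange [a b c d], the signed bytes are [a,a+b) and [c,c+d).
    A whole-file signature has a == 0 and c + d == len(data); anything after
    c + d was appended after signing (an incremental update) and is unsigned."""
    results = []
    for m in BYTE_RANGE_RE.finditer(data):
        a, b, c, d = (int(x) for x in m.groups())
        results.append({"byte_range": [a, b, c, d],
                        "covers_whole_file": a == 0 and c + d == len(data),
                        "trailing_unsigned_bytes": len(data) - (c + d)})
    return results


def scan_pdf(data: bytes) -> dict:
    """Combine both checks into a gateway-style verdict before the file is opened."""
    scripts, sigs = find_script_indicators(data), check_signatures(data)
    if scripts:
        verdict = "quarantine: active content present"
    elif any(not s["covers_whole_file"] for s in sigs):
        verdict = "review: content appended after signature"
    elif sigs:
        verdict = "pass to cryptographic signature validation"
    else:
        verdict = "no signature, no active content"
    return {"scripts": scripts, "signatures": sigs, "verdict": verdict}


if __name__ == "__main__":
    print(scan_pdf(SAMPLE_PDF))
```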