Microsoft SharePoint Use Models and Security Risks

Trend Micro
Date of Publication: April 2010

Without question, these new collaboration capabilities are valuable to business. Improved remote or regional communication, increased speed of decision making, and reduced in-person meetings and travel expenses are all cited as important business benefits of SharePoint deployments in the U.S. and Europe. However, it is important to recognize that new capabilities also give rise to new security risks.

Traditionally, SharePoint was primarily a central repository for employees to share files within the corporate network, and the security risks stemmed from viruses and worms self-propagating across and within networks. Such attacks tied up network bandwidth, slowed access to systems, and impaired employee productivity. And unlike today, these attacks were highly visible, and their impact was limited to a defined period.

Today, profit-driven threats are hidden, operating in stealth mode in order to steal your data. The attacks are significantly more harmful, sophisticated, and insidious. For example, recent exploits of vulnerabilities in the Microsoft operating system have allowed worms such as Downad.A to propagate among PCs and servers, including those running SharePoint. These threats are designed to steal user names and passwords, and often install additional web-based malware components that steal other sensitive data.

At the same time, file-based malware with a high degree of social engineering has become commonplace. We routinely see emails claiming to include business-oriented attachments (such as package delivery notices, contracts, and software updates from IT support) which are, in reality, malicious files. We also see emails offering innocuous attachments, like an Olympics schedule, that contain embedded malware. This hidden malware then exploits vulnerabilities in applications to execute automatically without user action or knowledge. This trend is particularly worrisome since, according to the SANS Institute, a leading provider of security training courses, file vulnerabilities like those in Microsoft Office or Adobe® PDF files are the first choice of attackers for zero-day attacks. No matter how the malware is disguised, it only requires one user to take the bait and allow malware to enter your SharePoint environment.

But that’s not all. When organizations choose to utilize SharePoint’s web-based capabilities—portals, team sites, wikis, and blogs—especially those that are external-facing, they must be concerned about a whole new class of threats: web threats. Many of these threats take advantage of SQL injection, Cross-site Scripting, and other techniques to embed malicious code in legitimate web pages and redirect users to malicious sites. From there, malware often automatically downloads to the victim’s PC and/or steals data. This is the fastest-growing class of threats and one that is increasingly programmatic rather than targeted.

In addition to the risk of a SharePoint web page compromise, organizations need to be wary of users unknowingly posting links to compromised sites. Popular news sites are frequently targeted for their high volume of organic traffic. According to SANS, “Attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. These vulnerabilities are being exploited widely to convert trusted web sites into malicious websites serving content that contains client-side exploits.”

According to the Computer Security Institute, the average cost of security incidents in 2009 was $234,244, and in many cases even a single compromise can have a far-reaching impact.