Without even knowing it, organizations mistakenly share all of their closely guarded secrets, leaving openings for attackers.
Security researchers no longer necessarily work alone; they too have moved into the collaborative world and uncover new dangers together. But an Israeli cyber company claims to have discovered particularly sensitive information in one of the most popular tools in the cyber world, and warns that you too may be leaking dangerous information without even knowing it.
Instead of installing antivirus, send the file to the cloud. Just think about what that means
In 2004, the Spanish company Hispasec Sistemas launched a new service called VirusTotal with a pretty ingenious idea: if there are so many file scanning services, why not bundle them all under one roof for a kind of wisdom-of-the-crowd solution?
Instead of having to use heavy antivirus services, which sometimes miss viruses or produce false positives, you can simply upload a suspicious file or URL to the service, and within seconds it is checked against dozens of different antivirus services to make sure you’re safe.
In 2012, the service was purchased by none other than Google, which still operates it under its subsidiary, Chronicle.
The journey of the files you upload to VirusTotal doesn’t end once the other security services have checked them. Once you submit a file or a URL for review, it is fairly freely available to antivirus companies, security companies, and security researchers for about 12 months.
The idea is that such a database can be used to improve the protection systems of all companies, which should benefit all of us. Other online services offer the same functions and keep submitted files in the same way, so the problem doesn’t start or end with VirusTotal.
Files that should be in the safe are available and exposed
At a recent CS3 conference, the Israeli company OTORIO, which protects the industrial sector from cyber attacks, revealed that a significant number of huge industrial companies are using tools such as VirusTotal without knowing it.
In an interview with GeekTim, Yair Atar, VP of Technology and Co-Founder at OTORIO, explains that the company set out to check whether it could also find leaked “project files”. These are the files that, according to Atar, contain the organization’s most sensitive information.
These are files that are usually supposed to be encrypted in a digital safe, but nowadays are transmitted without encryption between companies and suppliers.
“Once they reach the wrong hands, they can serve as a map for a targeted attack and can create tremendous damage to production,” Atar explains. “Based on this information, the cybercriminal can identify an attack vector for a supply chain or alternative entry points used for maintenance, supervision or remote operations. The attacks they make can be visible and sudden or under the radar.”
For example, Atar describes how an attacker can simply cause real damage at a chemical company, or impair product quality at a food company by raising the temperature of the storage rooms. More sophisticated attacks can work inconsistently, making it more difficult to discover the source of the problem and the breach.
From dangerous physical damage, through the theft of sensitive information, to long-term business damage, the potential of these attacks is not small. But in the case of services like VirusTotal, Atar warns that many companies simply don’t know that their most sensitive information is exposed.
How could this happen under the noses of the world’s largest organizations?
“We were surprised to discover legitimate project files, and many of them. We have found files uploaded by companies and suppliers from many countries around the world, including some of the largest and leading companies in their field,” Atar describes.
Among the companies are the world’s largest manufacturers of cars, consumer goods, food and beverages, electronics and more.
OTORIO claims that what led to this information leak is the accelerated connection of machines and industrial computers to the Internet, or as we know it, IoT.
The machines connected to the network emit a great deal of information, and this information is often passed on like other network traffic.
The organizations responsible for network security often use traffic filtering platforms, some of which send the information, often without the organization knowing, to collaborative platforms like VirusTotal through various APIs.
“It is important to note that the project files were not intentionally uploaded by the industrial companies, vendors or security service providers – they were uploaded unintentionally and automatically, through incorrect configuration of the security applications that rely on online scanning engines to check for malicious files.
Some of the information was uploaded through a third-party medium, but others apparently shared files directly without even knowing it, without properly assessing the processes connected to the online services.”
Atar says that although only companies and security researchers are supposed to have access to the files stored on these services, many others can get in without too much trouble because the screening processes are insufficient.
Although companies have not yet been informed of the leaked information, OTORIO emphasizes that it will be difficult to know whether a particular attack resulted from the file leak. Meanwhile, the company contacted Google and shared its alarming findings with them.
Authorities said that VirusTotal expressed concern, but there was no solution on the horizon. In the meantime, they say, the company is encouraging its authorities to raise awareness of the problem so that more organizations will review their security system settings.
Since what happens with VirusTotal and the like is not a bug but a feature, there are some steps that Atar recommends to mitigate the risks in question: “The organization’s security officer must ensure that automated scanning tools, such as DLP, EDR, and email scans, are configured to prevent sensitive files from being uploaded to the network, both within the organization itself and among the organization’s suppliers.”
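One way to apply that recommendation inside an automated scanning pipeline is a policy gate that runs before any online submission and downgrades sensitive files to a digest-only lookup. The sketch below is an example added here, not code from OTORIO, VirusTotal or any product; the extension list, directory names, markers and the sample queue are all assumptions constructed for illustration.

```python
import hashlib
from pathlib import PurePath

# Assumed policy values (not from the article); populate from your own inventory.
SENSITIVE_EXTENSIONS = {".acd", ".ap15", ".zap15"}     # example engineering project-file types
SENSITIVE_DIR_NAMES = {"engineering", "plc_projects"}  # hypothetical share/folder names
SENSITIVE_MARKERS = (b"CONFIDENTIAL", b"INTERNAL USE ONLY")


def submission_decision(filename, content, source_dir=""):
    """Decide what an automated scanner may send to an online scanning service.

    Returns (action, sha256_hex, reason). "hash_only" means: look the file up by
    its digest, never transmit the bytes. "upload_allowed" means no rule matched.
    """
    digest = hashlib.sha256(content).hexdigest()
    path = PurePath(source_dir, filename)
    if path.suffix.lower() in SENSITIVE_EXTENSIONS:
        return ("hash_only", digest, "project-file extension")
    if SENSITIVE_DIR_NAMES & {part.lower() for part in path.parts[:-1]}:
        return ("hash_only", digest, "sensitive source directory")
    if any(marker in content[:4096] for marker in SENSITIVE_MARKERS):
        return ("hash_only", digest, "classification marker in header")
    return ("upload_allowed", digest, "no sensitive indicator")


def audit_queue(queue):
    """Return the names in a pending-upload queue that the policy would hold back."""
    return [name for name, data, src in queue
            if submission_decision(name, data, src)[0] == "hash_only"]


# Constructed sample queue: (filename, content bytes, source directory).
SAMPLE_QUEUE = [
    ("invoice.pdf", b"%PDF-1.7 sample", "/mail/attachments"),
    ("Line3_Controller.ACD", b"\x00\x01 binary project data", "/mail/attachments"),
    ("notes.txt", b"valve setpoints", "/srv/Engineering/exports"),
    ("report.docx", b"PK\x03\x04 CONFIDENTIAL draft", "/home/user"),
]

if __name__ == "__main__":
    for name, data, src in SAMPLE_QUEUE:
        print(name, submission_decision(name, data, src)[::2])
    print("held back:", audit_queue(SAMPLE_QUEUE))
```

Running `audit_queue` over a log of files a gateway has already queued or sent is also a quick way to review whether existing scanner settings have been forwarding project files.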