Experts at the threat intelligence firm Cyjax analyzed file uploaded by organizations via malware analysis sandboxes and discovered that they were exposing sensitive data
The researchers analyzed PDF documents and email files (
200 benign files were
“By examining the invoices, we were able to determine who was using the software, as well as the contact details of those responsible for purchasing in each
The experts also discovered a large number of insurance certificates that expose various personally identifiable information (PII), such as names, phone numbers, postal and email addresses.
One of the files exposed via the malware analysis sandboxes appeared to be a U.S. CENTCOM requisition form for use of military aircraft. The document included confidential information such as names and contact details of the
The files also included medical and legal documents.
The researchers also analyzed the URL submitted by the users to a URL scanning service over the 3-day period. Many URLs submitted to the service were pointing to sensitive data hosted on the file sharing service
“The volume of sensitive documents collected in only three days was staggering. In a month, a threat actor would have enough data to target multiple industries and steal the identities of multiple victims.” concludes the company.
“While the adoption of malware sandboxes is a positive development, companies need to better understand how the files they share are processed. Many providers require payment to submit files privately, meaning that everyone who uses the free service will have their files shared by default.
We predict that this problem is likely to get worse as more companies add sandboxing to their security pipeline, underscoring the importance of educating employees now.”
(SecurityAffairs – sandboxes, privacy)