Organizations Expose Sensitive Data via Malware Analysis Sandboxes

Researchers at UK-based threat intelligence firm Cyjax have studied files submitted to three popular online malware analysis sandboxes and found that many of the publicly accessible files contain sensitive information.


The analysis was carried out over a period of three days last week and it covered three unnamed sandbox services that allow users to upload files to determine whether they are malicious or benign. All of the researched services have public feeds that allow anyone to view or download the submitted files.


Cyjax’s analysis focused on PDF documents and email files (.msg and .eml). Researchers identified over 200 invoices and purchase orders, which they say is not surprising considering that businesses often email these types of documents.


In one case, a company that provides a popular deployment tool for Windows admins — its customers include courthouses and schools — appeared to have uploaded all received purchase orders to the sandbox.


“By examining the invoices, we were able to determine who was using the software, as well as the contact details of those responsible for purchasing in each organisation: this is extremely useful information for a threat actor conducting a spear phishing or BEC fraud campaign,” Cyjax researchers said.


Cyjax also identified tens of resumes and professional certificates, including ones containing passport copies. The company also discovered publicly accessible files storing insurance certificates containing personal information such as names, phone numbers, email addresses and physical addresses.
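The practical lesson from these findings is that file triage belongs before the upload, not after: anything headed for a sandbox with a public feed should first be checked for the document types and identifiers the researchers kept finding (invoices, purchase orders, requisition forms, resumes, certificates, contact details). The following Python script is an added example of such a pre-submission gate; it is not code from the article or from Cyjax, and the sample .eml message, the keyword list and the regular expressions are constructed assumptions for illustration. It parses an email file with the standard library, scans headers and body for document-type keywords, email addresses and phone numbers, and returns a verdict that a submission workflow could use to route the file to a private-only analysis queue instead of a public sandbox.

```python
import re
from dataclasses import dataclass, field
from email import policy
from email.parser import BytesParser

# Constructed sample submission (not from the article). Addresses use the
# reserved .test TLD so the example never references a real organisation.
SAMPLE_EML = b"""From: purchasing@example-customer.test
To: orders@example-vendor.test
Subject: Purchase Order PO-20240101
Content-Type: text/plain; charset=us-ascii

Please find our purchase order attached. Contact Jane Doe, +1 555 0100.
"""

# Constructed benign submission that should be cleared for a public feed.
SAMPLE_BENIGN_TEXT = "Quarterly webinar agenda: intro, demo, Q&A. No attachments."

# Assumed detection patterns; a real deployment would tune these to its own
# document templates and add checks for attachments (PDF text, images).
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
DOC_KEYWORDS = (
    "invoice", "purchase order", "requisition", "passport",
    "resume", "curriculum vitae", "certificate",
)


@dataclass
class Finding:
    kind: str     # "document-type", "email-address" or "phone-number"
    sample: str   # the matched text, kept so an analyst can review it


@dataclass
class Verdict:
    public_ok: bool                     # True only when nothing sensitive was found
    findings: list[Finding] = field(default_factory=list)


def extract_text_from_eml(raw: bytes) -> str:
    """Pull the headers and the preferred body part out of an RFC 822 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    parts = [msg.get("From", ""), msg.get("To", ""), msg.get("Subject", "")]
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None:
        parts.append(body.get_content())
    return "\n".join(parts)


def scan_text(text: str) -> Verdict:
    """Flag document-type keywords and personal contact identifiers."""
    findings: list[Finding] = []
    lower = text.lower()
    for kw in DOC_KEYWORDS:
        if kw in lower:
            findings.append(Finding("document-type", kw))
    for m in EMAIL_RE.finditer(text):
        findings.append(Finding("email-address", m.group()))
    for m in PHONE_RE.finditer(text):
        findings.append(Finding("phone-number", m.group().strip()))
    return Verdict(public_ok=not findings, findings=findings)


def gate_submission(filename: str, content: bytes) -> Verdict:
    """Decide whether a file may go to a sandbox whose feed is public."""
    if filename.lower().endswith(".eml"):
        text = extract_text_from_eml(content)
    else:
        text = content.decode(errors="replace")
    return scan_text(text)


if __name__ == "__main__":
    for name, data in (("order.eml", SAMPLE_EML),
                       ("agenda.txt", SAMPLE_BENIGN_TEXT.encode())):
        verdict = gate_submission(name, data)
        route = "public sandbox OK" if verdict.public_ok else "PRIVATE analysis only"
        print(f"{name}: {route}")
        for f in verdict.findings:
            print(f"  - {f.kind}: {f.sample}")
```

The verdict deliberately keeps every matched sample rather than just a boolean, so the person who submitted the file can see why it was held back; in practice the same scan would also need to run over attachment text (PDF extraction, OCR for scanned certificates), since the article's most sensitive finds were document attachments rather than message bodies.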


One of the exposed files appeared to be a U.S. CENTCOM requisition form for use of military aircraft, and it included names, traveler contact details, and information about the journey.


CENTCOM and the company that uploaded all of its purchase orders have been notif ..
