Malware Samples Logged by VirusTotal Virus Scanner Could Be Used in Cyber Attacks
Companies are misusing Alphabet Inc.’s virus scanner and similar products, and are leaking sensitive data online, Israeli cybersecurity company Otorio Ltd. said.
The firm said it discovered thousands of unprotected files from companies in the pharmaceutical, industrial, automotive and food industries as part of a project to research the malware logged by VirusTotal, which is owned by Alphabet cybersecurity subsidiary Chronicle.
“From what we found, we could design a very constructive hack. We found files that gave us a blueprint of how to infiltrate the production floor,” said Otorio Chief Executive Officer Daniel Bren, a reserve brigadier general who established the Israeli army’s cyber defense unit. “The companies’ trademarked secrets are on those blueprints.”
VirusTotal makes scanned documents available to cybersecurity firms and researchers to help improve the detection of malware. This practice is common in the cybersecurity industry, but some security teams are uploading files indiscriminately, without understanding the terms of use or the potential risk, Otorio said.
The Israeli firm contacted VirusTotal about its findings in July, and Otorio said the company agreed that there was a need to raise awareness about how the service works and how security applications should be configured.
VirusTotal’s online terms of service state that users agree to upload only samples that they wish to share publicly, and warn them not to submit anything that includes confidential, commercially sensitive or personal data without permission.
VirusTotal said that the company screens all customers before giving them access to the data. Researchers don’t have searchable access to the file base, and customers that are found to abuse any data are cut off, the representative said. VirusTotal will also remove information that’s uploaded by mistake.
The types of project files uploaded may contain anything from information about supply chains to building entry points. Exposing them could lead to incidents similar to the ransomware attack that hit aluminum producer Norsk Hydro ASA in March, Otorio said.