Companies are Misusing VirusTotal and Exposing Confidential Data, Research Finds

• Researchers said that they’ve discovered thousands of unprotected files from companies across the pharmaceutical, industrial, automotive and food sectors.
• These files contained information ranging from blueprints, supply chains to building entry points.

What’s the matter?

Security researchers from OTORIO have uncovered that companies are unintentionally exposing data including factory blueprints and intellectual property by misusing Alphabet’s virus scanner.

Why it matters?

VirusTotal is a virus scanner, which is owned by Alphabet’s cybersecurity subsidiary Chronicle. VirusTotal makes scanned documents available to companies for the detection of malware. However, some companies are misusing the virus scanner and are exposing sensitive documents.

What was exposed?

Researchers said that they’ve discovered thousands of unprotected files from companies across the pharmaceutical, industrial, automotive and food sectors, as part of a project to research the malware logged by VirusTotal.

These files contained information ranging from blueprints, supply chains to building entry points.

“From what we found, we could design a very constructive hack. We found files that gave us a blueprint of how to infiltrate the production floor. The companies’ trademarked secrets are on those blueprints,” said Daniel Bren, Chief Executive Officer at Otorio.

Worth noting

VirusTotal’s online terms of service state that users agree to only upload documents that they wish to publicly share and warn them to not to submit any files that contain confidential, commercially sensitive, or personal data without permission.

Bren noted that researchers can get access to the uploaded files with an agreement not to make commercial use of the information. However, some researchers are misusing the service and are publishing the incoming documents.

Response from the vendor

Otorio notified VirusTotal about its findings in July. The company acknowledged the findings and agreed that there was a need to raise awareness about how the service works and how security applications should be configured.

A spokesperson for VirusTotal said that the company screens all customers before giving them access to the data. “Researchers don’t have searchable access to the file base and customers that are found to abuse any data are cut off, the representative said,” the spokesperson said, Bloomberg reported.