Free online sandbox services can expose companies’ confidential documents, new study warns

• Researchers found over 200 malicious documents related to invoices and purchase orders.
• CVs and professional certificates were two other prevalent documents that were uploaded to the online sandbox services.

Some companies have unknowingly exposed their confidential files after uploading documents to malware scanning websites. A study conducted by CYJAX over the course of three days period has revealed that sandboxes services are bursting sensitive info from unwitting companies.

What’s the impact?

Companies are unknowingly leaving several confidential files on the internet for anyone to download - after uploading them to malware-scanning websites.

How does it work?

According to CYJAX, these file-probing websites open the uploaded files in secure sandboxes to detect any malicious behavior. However, as these sandbox services check for the bobby-trapped attachments for organizations, they publish a feed of submitted documents on the internet that are viewable to everyone.

The study was conducted on three unnamed popular online sandbox services.

What did the study find?

Due to the high volume of files submitted, CYJAX focused on .pdf and .msg/.eml files that were marked as suspicious or clean. During its three days of investigation, CYJAX found that there were over 200 malicious documents related to invoices and purchase orders.

By examining invoices, CYJAX was able to determine the contact details of those responsible for purchasing in each respective company. These invoice receipts also gave details about the software being sold. With such info openly available on the internet, it can create a roadmap for a threat actor hoping to commit BEC scam or spear-phishing scams.

CVs and certificates also not spared

CVs and professional certificates were two other prevalent documents that were uploaded to the online sandbox services. These documents exposed files containing ID photographs, addresses, and passport copies.

Threat actors can misuse these details to conduct identity theft and other scams.

What are other sensitive documents?

The experts also discovered a large number of insurance certificates that exposed various personally identifiable information (PII) such as names, phone numbers, postal and email addresses.

One of the files uploaded to malware analysis sandbox appeared to be a U.S. CENTCOM requisition form for use of military aircraft. The form included information such as names and contact details of travelers, along with their journey details.

Medical and legal documents also exposed

Apart from the documents, CYJAX also monitored a URL scanning service over the three days. It was found that many of the URLs submitted to the service pointed to sensitive data hosted on the file sharing service WeTransfer and cloud storage services such as Google Drive.

Worth noting

While the adoption of malware sandboxes is a positive development, companies need to understand how the files they share are processed. With many of these online sandbox services available for free, the likelihood of sensitive documents being exposed online can increase in the near future. Experts predict that this problem is likely to get worse as more companies add free sandboxing services to their security pipelines.