Share

Misuse of Alphabet’s virus scanner is exposing sensitive files

Companies are misusing Alphabet’s virus scanner and similar products, and are unwittingly leaking data such as factory blueprints to intellectual property online, Israeli cybersecurity company Otorio said.

The firm said it discovered thousands of unprotected files from companies in the pharmaceutical, industrial, automotive and food industries as part of a project to research the malware logged by VirusTotal, which is owned by Alphabet cyber security subsidiary Chronicle. Otorio didn’t find any documents uploaded to VirusTotal that had been used in a cyber attack.

“From what we found, we could design a very constructive hack. We found files that gave us a blueprint of how to infiltrate the production floor,” said Otorio Chief Executive Officer Daniel Bren, a reserve brigadier general who established the Israeli army’s cyber defense unit. “The companies’ trademarked secrets are on those blueprints.”

VirusTotal makes scanned documents available to cybersecurity firms and researchers to help improve the detection of malware. Scanning incoming files for malicious attacks with online services is common practice, but some security teams are uploading files indiscriminately, without understanding the terms of use or the potential risk, Otorio said.

The Israeli firm, which specialises in cybersecurity for industrial control systems, contacted VirusTotal about its findings in July, and Otorio said the company agreed that there was a need to raise awareness about how the service works and how security applications should be configured. The idea, said Bren, was to make the industrial sector aware of the problem so “they improve the situation, and not to poke them in the eye.”

VirusTotal’s online terms of service states, in all caps, that users agree to only upload samples that they wish to publicly share and warns them not to submit anything that includes confidential, commercially sensitive or personal data without permission.

Researchers working for academic institutions and cybersecurity companies can get access to the uploaded data after some screening and meeting certain criteria, which includes promising not to make commercial use of the information, Bren said. Rogue researchers may easily misuse this important service and publish documents, he said.

A representative for VirusTotal said that the company screens all customers before giving them access to the data. Researchers don’t have searchable access to the file base and customers that are found to abuse any data are cut off, the representative said. VirusTotal will also remove information that’s uploaded by mistake.

Google acquired VirusTotal in 2012 and the firm was later moved to parent company Alphabet’s Chronicle subsidiary.

The types of project files uploaded may contain anything from information about supply chains to building entry points. Exposing them could lead to incidents similar to the ransomware attack that hit aluminum producer Norsk Hydro ASA in March, Otorio said. That attack caused production outages as the rogue agents stopped computer systems from working while they demanded a ransom.

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.93
+0.0%
Rand - Pound
23.90
+0.0%
Rand - Euro
20.40
+0.1%
Rand - Aus dollar
12.33
+0.1%
Rand - Yen
0.13
-0.0%
Platinum
908.05
+1.2%
Palladium
1,014.94
+1.3%
Gold
2,232.75
-0.0%
Silver
24.95
-0.1%
Brent Crude
87.00
+1.8%
Top 40
68,346
0.0%
All Share
74,536
0.0%
Resource 10
57,251
0.0%
Industrial 25
103,936
0.0%
Financial 15
16,502
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders