Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Carbon Black EDR Service Exposing Customer Data Through Cloud Scanning

    By
    ROBERT LEMOS
    -
    August 10, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Cloud Virus Scanning

      Companies that scan binaries using VirusTotal — or other cloud scanning services — may expose sensitive data to the public, especially when developers scan internally-developed applications using the service, managed security firm DirectDefense warned on Aug. 9.

      The problem came to light when the company found information belonging to clients of endpoint detection and response (EDR) firm Carbon Black exposed through VirusTotal’s service.

      The EDR provider allows customers to optionally scan system and program files using the VirusTotal service. But in doing so, companies often do not realize that premium subscribers of the VirusTotal service get access to the submitted files. In effect, any company or government agency with premium access to VirusTotal’s application programming interface (API) can mine those files for sensitive data.

      “Cloud-based multiscanners operate as for-profit businesses,” Jim Broome, president of DirectDefense, stated in the analysis. “They survive by charging for access to advanced tools sold to malware analysts, governments, corporate security teams, security companies, and basically whomever is willing to pay. Access to these tools includes access to the files submitted to the multiscanner corpus— it’s hard to analyze malware that you don’t have.”

      Security professionals at DirectDefense used its access to scan for internal corporate files uploaded to the VirusTotal service, identifying a variety of sensitive pieces of data that had been included in scanned binaries, such as web API and cloud keys, user credentials, app-store keys, customer data and a variety of developer-specific information.

      Using the information, attackers could shutdown a victim’s cloud infrastructure, issue malicious updates to mobile applications or compromise a firm’s software development process, DirectDefense’s Broom told eWEEK. The problem is that companies trust their security provider without realizing the impact caused by the data going to a third-party provider.

      “We want people to be aware of this danger,” he said. “We believe this issue is much broader than just one vendor.”

      The analysis, published on Aug. 9 on DirectDefense’s blog, is not the first time that researchers found security software potentially being an avenue for data leaks. Compromised computers with no direct access to the Internet could still have data exfiltrated by attackers using the security software’s cloud sandbox as a channel to the Internet, security firm SafeBreach stated in research presented at the Black Hat Security Briefings in Las Vegas last month.

      Carbon Black objected to the research and its publication, noting that the company was not notified of DirectDefense’s analysis prior before that company published the blog post. Carbon Black stressed that Cb Response, its EDR product, does not send files for analysis through VirusTotal by default, but only if the client activates the feature.

      “It is a feature, off by default, with many options to ensure privacy, and a detailed warning before enabling,” the company stated in its own blog post.

      DirectDefense argued in a blogged response that the feature is often activated, because clients are frequently urged to do so.

      “[T]he recommendations or messaging from Carbon Black’s professional services team during the course of installing the product is to turn this feature on to help accelerate the analysis of the file scans,” DirectDefense’s Broome stated in the blog post.

      VirusTotal’s paid-for service allows access to its Private API 2.0, which allows companies to use a larger set of function calls at a higher data rate. The ability to download files matching certain criteria – such as those uploaded by a specific provider – is part of the Private API 2.0. The capability is intended to allow security-software providers to download files to test their systems.

      In an interview, Broome underscored that, while Carbon Black’s success means it’s the largest enabler of data leaks through cloud analysis services, other security providers may also be putting their clients at risk. This is a bigger conversation than just Carbon Black or VirusTotal, he told eWEEK.

      “There are a lot of solutions that are following a similar kind of model,” he said. “At the end of the day, customers, when we tell them that we found your data here, in most cases, they are pretty shocked. We can get into a larger argument about EULAs, but they didn’t realize, or didn’t read the fine print to realize, that their data is going somewhere else and being resold.”

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×