Threat intelligence manager Markus Neis made a group of panelists at the Kaspersky Lab Security Analyst Summit aware that cyber criminals can use services such as VirusTotal to capture and retrieve sensitive documents that have been uploaded.
According to Neis, he arrived at these findings by uploading a Word document embedded with a Canarytoken: a rigged embedded identifier that, upon access, sends a response email to the user alerting them that someone has access to the account in question. Neis found that within two days his document had been distributed and downloaded in the US, Germany, Russia and Poland. Neis suggests this is a further problem for businesses that work with outsourcers and other third-party contractors: once the data is in their hands, total control of it is lost, and these parties are able to decrypt, scan, and thus leave an imprint of items such as PGP keys, VPN credentials and SSH private keys.
The implications of this point of access are thus huge, especially when considering corporate or nation-state espionage. Neis has already found data belonging to luxury car makers and internet service providers, and has met with little response from the proper authorities regarding the disclosure that this information is out there. Thus there must be an incentive and a need to establish strong internal security procedures between employees, managers, and their IT security team for the secure “turning in” of confidential data, and for how better to handle, delete, and submit what could soon be commonly targeted information.