In a time of ever-evolving cyber threats, data security is critical. As malware becomes more complex, monitoring its behavior becomes more difficult and time-consuming to investigate. In recent years, advanced methods have been used for rapid detection of threats. One of these methods is the application of sandbox systems. Sandbox system is a very useful tool designed to quickly investigate and evaluate malicious files and software.
Since provisioning and setting up of enterprise private sandbox systems requires funds, many users use cloud versions of such solutions, and in many cases, free versions. Such free sandbox systems, which are designed to allow individual users to send suspicious files to such systems over the Internet to determine whether they are malicious or not, do not protect the privacy or confidentiality of the files sent. Thus, such free platforms intended for individual users publish any file uploaded to the system by marking it as a verified file on their site.
Employees of many enterprises and banks who are not aware of this, but use such free services to avoid checking the security of incoming files, unknowingly expose confidential and personal information.
Currently, the most widely used platforms in our country, such as ANY.RUN and Virustotal, contain a large number of confidential information related to a number of banks and enterprises - documents, contracts, financial and property files, CVs, reports, etc. we can witness its publication.
Although the individual use of such platforms is a very commendable positive thing from the point of view of cyber hygiene in order to prevent infection, the sharing of sensitive information of banks and enterprises and users openly, accessible to everyone, carries a great risk.
The Special Communication and Information Security State Service's Malicious Investigation Laboratory recommends that enterprises and companies conduct inspections on systems with closed analysis capabilities in order to ensure the protection of confidential and personal data when using cloud-based sandbox platforms. At the same time, it is necessary to know that even if the files uploaded to such systems are not publicly shared on some platforms, the uploaded files are collected in the information system of 3rd parties. As a result of any cyber attack that may occur on the said system, sensitive information may be leaked or fall into the hands of hackers. With this in mind, it is important to ensure data redaction and anonymization to remove or hide sensitive information from files to be uploaded when using such services. At the same time, in order to increase the awareness of the employees in terms of data protection, privacy and information security, regularly implementing additional educational measures is important in terms of improving cyber hygiene within the enterprise.
For information, let's note that the Pest Research Laboratory of the Special Communication and Information Security State Service is currently working on the development of a new solution, the national sandbox system.
