A study conducted by researchers at Cyjax revealed that organizations expose sensitive data via sandboxes used for malware analysis.
Experts at the threat intelligence firm Cyjax analyzed file uploaded by organizations via malware analysis sandboxes and discovered that they were exposing sensitive data.
The researchers analyzed PDF documents and email files (.msg and .eml) uploaded to three unnamed sandbox services over a period of three days last week. All the sandboxes analyzed by the experts provide public feeds that allow users to view or download the files submitted by the users.
200 benign files were invoices and purchase orders. In one case, the experts discovered that a company that provides a popular deployment tool for Windows admins was submitting all received purchase orders into the sandbox. The company was ignoring that all these files were made public via the feed implemented by the sandbox service.