Blog

What We Can All Learn from the VirusTotal Data Leak

What We Can All Learn from the VirusTotal Data Leak

In 2004, a service called VirusTotal was launched and swiftly became a popular antivirus and malware scanner to help detect threats in various files and URLs. It became popular enough that it was officially acquired by Google in 2012 and ultimately assimilated into Chronicle, a cloud-based security operations suite for enterprise businesses. Despite this impressive pedigree, however, we find ourselves able to look to VirusTotal as a sobering reminder of how fickle cybersecurity can be, with the service being the source of some limited data exposure.

Let’s consider the situation, and what it helps illustrate for us.

VirusTotal Had Some Registered Customers’ Data Exposed

On July 17, VirusTotal disclosed that a database composed of some 5,600 customer names and addresses—a collection of cybersecurity experts from various law enforcement agencies, intelligence agencies, and military staff from all around the world—had been leaked. What’s worse, it was the VirusTotal service itself that enabled the leak.

It all comes down to VirusTotal’s functionality. In addition to scanning files for malware using tools from various other companies, VirusTotal also shares these samples directly with these other companies, making them available for speedy download so that they can be used to help further research efforts.

When used in this way, this is all well and good. However, if someone were to accidentally use VirusTotal to share a file that should not have been shared, dozens to hundreds of companies could suddenly find themselves receiving data they should not be able to access.

This is precisely what happened to VirusTotal when an employee accidentally uploaded the aforementioned database of Premium-level users into the VirusTotal system. Fortunately, the list was promptly removed and was only visible to their partners and corporate clientele, but it still happened in the first place.

How to Prevent a Similar Issue in Your Own Business

Protecting your own organization from such circumstances is not going to be simple and seamless, particularly because the primary source of your vulnerability comes from simple human error. To prevent this from becoming the same kind of issue that it did for VirusTotal, you need to reinforce procedure—potentially through firewall rules, endpoint security warnings to give users a chance to reconsider what they are doing, and restricting upload permissions for certain users based on their roles.

If this sounds complicated, it can be… but that’s what a managed service provider like us helps to simplify.

In addition to assisting you with setting up the requisite safeguards, we can help you maintain your business’ essential technology, supporting it and, by extension, you and your business. Learn more about what we have to offer by reaching out to us at 603-889-0800.

Related Posts

Professional sports has witnessed a significant shift in the way teams and organizations approach their strategies. Gone are the days when gut instinct and intuition were the sole driving forces behind decisions. Nowadays, sports are increasingly rel...
The United States Federal Trade Commission’s mandate is to prevent fraud and promote consumer protection in today's interconnected world, where the digital landscape continues to evolve at a rapid pace. The FTC recognizes the importance of safeguardi...
Compliance is a critical element of many businesses’ requirements, with pretty severe penalties as a consequence if the prescribed standards are not met. Even more importantly, most compliance requirements and regulations are put in place for the wel...
Information technology is a constantly changing industry, with practices shifting all the time. As a result, anyone you have working on your company’s IT should be actively seeking out various certifications to confirm that they are keeping up on mod...

Data backup always sounds like a simple process, but if you truly want to rely on your backup, it needs to be absolutely infallible. That is the objective behind an IT appliance known as the BDR, which stands for Backup and Disaster Recovery.

Back in 1995, the Association of Records Managers and Administrators were in the midst of campaigning for the renewal of the Paperwork Reduction Act. As a part of their efforts, they created National Records and Information Management Day. Over the y...
Did you know that World Backup Day is in just a few short weeks? While it is an important occasion for businesses to recognize, data backup should really be something you think about all the time. This is because your backup is an integral part of th...
Who are you? While it’s a question that’s been asked in all contexts with all levels of metaphysicality attached—from asking someone their name to prompting someone to follow a path of spiritual self-discovery—the growth of the metaverse once again u...
We aren’t going to try and pretend that the investments necessary to preserve your business’ data security are small ones. Especially at first glance, you may very well start to question if such an investment is truly necessary. The simple fact of th...
If Edgar Allan Poe worked in an office, here’s what one of his works would sound like: True!—nervous—very, very dreadfully nervous I have been and am, but why will you say that I am mad? The office had sharpened my senses—not destroyed—not dulled the...
“It won’t happen to me.” This is a common excuse amongst business owners who refuse to equip their network with a comprehensive data backup and recovery solution. They may feel like they’re careful enough to avoid a major data loss-causing disaster. ...
As Miguel de Cervantes wrote in Don Quixote, “...is the part of a wise man to keep himself today for tomorrow, and not venture all his eggs in one basket.” It was wise advice then, and it’s wise advice now—especially when it comes to your business’ n...

Onsite Service Coverage Area

Although we provide remote services and support to businesses in over 20 states, onsite services are limited to within reasonable driving distance from our offices in NH.  We will manage a local vendor for locations outside of our service area to provide onsite assistance when needed.

 

Onsite Computer Support Services are available to businesses within 60 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH, and then down into Boston. From Northern and Central Mass, we cover from Worcester, east to the North Shore, including the Salem NH and Portsmouth NH area.

White Mountain IT Services

 


33 Main St, Suite 302
Nashua, NH 03064

 


121 Riverfront Drive
Manchester, NH 03102

 

Client Help Desk      603-889-2210

New Client Inquiries   603-889-0800

Open Positions