Pastebin allows users to share small snippets of text online but two new features recently added to the service have left the cybersecurity community concerned that they could make it easier to disguise malware operations.
The two new features, named “Burn After Read” and “Password Protected Pastes”, allow the service’s users to create pastes that expire after being read once as well as pastes that are password protected. While new to Pastebin, these features have existed on many other paste sites for years. However, Pastebin is the largest paste site on the internet by far with 18m monthly visitors, according to ExpandedRamblings.
As the service has grown in popularity, it has turned into a place where cybercriminals can easily host their malicious code online to be used by others in cyberattacks. Over the past decade, Pastebin has increasingly been used by cybercriminals who use the service to store malicious commands, hacked data, IP addresses for C&C servers and other operational details.
In order to counteract the ways in which cybercriminals are misusing the service, cybersecurity firms have created tools capable of scraping new Pastebin entries to search for malicious or sensitive content as soon as it is uploaded on the site. Once found, these malicious pastes are indexed in private threat intel databases and are also reported to the service in order to have them taken down.
Burn After Read and Password Protected Pastes
By adding its new Burn After Read and Password Protected Pastes features, Pastebin will effectively make it harder for security researchers to prevent malware from ending up on the service.
Over the years, security researchers and Pastebin have had their share of disagreements over how the service can be used by cybercriminals. However, back in April of this year, Pastebin wanted to discontinue its Scraping API that is used by security researchers to detect new content being uploaded to the service. Thankfully though, Pastebin decided not to follow through with its plan to discontinue the API following massive backlash and media coverage.
In a tweet, Pastebin made the case that the new features will benefit security by giving users more control over who can see their pastes on its site.
While Pastebin does acknowledge that its new features may be abused by cybercriminals, the service has taken a number of steps to improve its security including introducing a new Enterprise API subscription, partnering with global cybersecurity companies to protect its site, partnering with law enforcement agencies and implementing Abuse Management and Threat Analysis teams who work closely with both law enforcement and industry partners.
Whether or not Pastebin will end up discontinuing Burn After Read and Password Protected Pastes is still unclear but given the amount of backlash the service has already received regarding these features, this could end up being the case.
Via ZDNet