
Pastebin used to store backdoor code

January 2015 by Marc Jacob

It has been reported that Pastebin has been used to store backdoor code that was later tapped in attacks against websites running a vulnerable instance of the popular RevSlider plugin. Please see below for commentary from Bromium and Lancope:

Ian Pratt, co-founder, Bromium

"Hackers who were attempting to be stealthy wouldn’t use Pastebin as such accesses are likely to raise red flags to vigilant security pros. However, many servers and networks are not closely monitored, so the attackers can get away with being lazy. Further, using Pastebin to host malcode leaves less of a forensic trail than going to the effort of setting up your own server in the cloud or compromising some other web site to be duped into doing the hosting."

Jared DeMott, principal security researcher, Bromium

"Once malware is running, finding how it connects out, and receives new code and commands is a cat and mouse game. If you block Pastebin, they’ll use Github. Github is a better choice for attackers anyway. Enterprises cannot just block access to it, like they could Pastebin, since it’s often a business critical need. Also, Github is encrypted and can be private too. And even if you found out they were using Github and blocked that… there are intractably more ways an attacker could do covert C&C. The best way to stop malware is to stop it at the point of attack, rather than waiting and trying to deal with it once it has a foothold in your life."

TK Keanini, CTO, Lancope

"The recommendation to block Pastebin on the surface would seem to be good practice but know that the Internet offers so many other ways in which attackers can store backdoor code it is crazy to think that this is a complete solution. If you are to take a least-privileged stance here whereby for a user you only afford them access to exactly what they need to conduct their business in a whitelist manner, you quickly realize how hard it is to not only implement but more so to maintain as the business needs change over time."

