Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Microsoft Cloud

Security Threat Analyst Accuses Microsoft of Hosting Malware on Office365's OneDrive (itwire.com) 52

Slashdot reader juul_advocate quotes ITWire: A British tech researcher, who quit working as a security threat analyst with Microsoft a few months back, has called on his former employer to act speedily to remove links to ransomware on its Office365 platform. In a tweet sent on Friday, Beaumont said: "Microsoft cannot advertise themselves as the security leader with 8,000 security employees and trillions of signals if they cannot prevent their own Office365 platform being directly used to launch Conti ransomware. OneDrive abuse has been going on for years. Fix it...."

An overwhelming majority of ransomware attacks only Windows, with an analysis by staff of the Google-owned VirusTotal database last Thursday showing that 95% of 80 million samples analysed — all the way back to January 2020 — were aimed at Windows... Beaumont, who has a well-earned reputation as a researcher who is quick to admit faults in his own industry, acknowledged that other technology companies also played a big role in hosting malware. Quoting a tweet from a Swiss researcher [given below], he said: "And yes, it's not just Microsoft. Tech companies have got to do better."

This discussion has been archived. No new comments can be posted.

Security Threat Analyst Accuses Microsoft of Hosting Malware on Office365's OneDrive

Comments Filter:
  • Removing information can have severe consequences too, either due to false positives or because the links are in working documents of security researchers.

    • To be fair, I have reported active zeroday malware/phishing through official channels hosted on onenote/onedrive/word whatever, and its usually a week before the security team investigates and actions. Usually have to go back and forth 2x or more just to explain.
    • Security researchers should not be storing their work on a cloud drive without backups.

      If they cry, I'm gonna laugh.

    • by EirikFinlay ( 6179140 ) on Sunday October 17, 2021 @01:50AM (#61899547)

      The problem is actually far simpler. What i store on my disks, be them offline or online, is not something i want Microsoft, or anyone else for this matter, to investigate, block or delete. It is my stuff, it can be legal or illegal, but it is still my private stuff and it belongs to me.

      Until cloud companies decide if they want to be the police of the world or a freaking company offering disk space to their users they will simply be seen as unreliable spies. Don't look at my data, not manually not automatically, it is not yours. It is as simple as that.

      • How can you expect nobody looking at your data and storing your data unencrypted on a somebody else's drive?
        • Perhaps it is because I'm european and i consider privacy a serious issue, but that's the minimum requirement i expect if i trust someone with my data.

          It should be pretty obvious to anyone offering space "on the cloud" that the only way their business model has a chance to work is to not threat their users as little children who need to be protected for their own sake.

          Is it so odd to ask that MY data remains mine and private? I don't think so. I believe this is a quite basic request, something that anyone w

          • How about not scanning anything until it is shared, at which point it is considered to be a published work? On personal OneDrive, last I checked, Microsoft ditched proper SharePoint-style security controls and every link generated was technically public, regardless of how the sharing invitation was handled

            That said, I’m gradually pulling all my data off the Internet, as it is far less expensive to buy BluRay discs and permanently double-archive things while keeping full local copies on a minimum of
          • Is it so odd to ask that MY data remains mine and private?

            In short, yes. The world is full of people who won't respect your privacy, and the only reasonable way to even attempt to ensure it is to use strong crypto responsibly.

          • by vyvepe ( 809573 )

            The point is that cloud providers only claim that they offer private space. And they likely do it only in their advertisement and not in their contracts and license agreements. Above all, they (and their employees) can look at it and therefore it is not private. If you want private data online then host them yourself so that you have control over who has access to the data. Host only public data (or fully encrypted data) on a service run by somebody else.

            You are putting way too much trust into cloud provid

      • The problem is Microsoft is

        - Second largest (and closing fast on #1) cloud provider in the world
        - Maker of the most targetted OSs by criminals in the world
        - One of the largest enterprise cybersecurity companies in the world.

        The goals of the latter two business units are not always aligned with the first. An analogy would be if a company was huge in both renting storage lockers and running retail stores, found out that a string of gangs were storing their stolen goods from the stores in said storage lockers.

      • Then you probably haven't generated a public link for those files - there is no major safety reason to scan them. It's not about being the police, it's about accidentally being a major vendor to the cartel.

        Virtually no ransomware attacks are going to tell you to click a OneDrive link and then provide you a Microsoft account user ID and password for download.

    • The thing is, they own a huge email platform - two of them, in fact. All they have to do is scan OneDrive links in received emails and if they are a threat and go to more than x recipients, automate handing that over to OneDrive and blocking the link.

      Or better yet, just scan every OneDrive file and post a huge warning before download. Won't stop legitimate research work, but MOST dumb end users will stop before downloading if the warning is scary enough.

  • Do you have to open a file (which comes from where?)? Or just log into OneDrive and it pops?

    • no, this is purely about someone storing malware on their onedrive and using links to it. In two minds here, MS should be detecting malware, but I also want them to stay the fuck out of my onedrive storage.
      • Microsoft could easily put malware in a quarantine folder that you can review. Of course, those serial offenders should be investigated (by a human), and if found spreading malware, their accounts should be suspended and their info sent the authorities.

        • right. can't Microsoft tell the difference between a private and public file? then simply apply a scan/quarantine. if this is for security researchers, they should be shared in a group and not public facing. Not hard to email A researcher and ask for access to the group

      • So question then. If you have malware you are sharing in your onedrive folder, should LEO arrest you for said malware if someone receives an email with a link to it? This is not about you per say, this is about you sharing malware. If your folder is private and cannot be shared without a password, sure store whatever you want. But as soon as you open it up, you should be responsible for the effects. Or the ISP can do it for you by either preventing sharing of malware or deleting it.
        • In terms of a criminal act, intent matters. I agree, if you are actively sharing malware then you are responsible - whether that is a criminal act or not may be more subtle. If someone hacks your account and starts sharing malware are you responsible? If Microsoft has another supply chain attack and someone takes over everything are you responsible? If someone signs up for Office365 with a fake name and pre-paid card and then starts serving malware will it be easy to find a prosecute that person?

          Microsof

  • So the researcher is advocating that Microsoft should open up and inspect files on its customer's private data stores?
    • by 0dugo0 ( 735093 )

      Yeah, but if the researcher can inspect them they are not all that private, are they?

    • Only the stupid ones, the ones that don't get there concept of "my stuff is none of your business". This kind of shit is why people don't trust cloud services (and rightly so). I don't want my tools to spy on my or decide what kind of data I'm allowed to own. My tools have to work for me, not against me, it doesn't matter if i use them for legal or even illegal purposes.

    • Fixing this problem only requires that Microsoft inspect publicly accessible files, which are publicly accessible and thus not secret by definition. There is frankly no privacy implication to that.

      There is a privacy implication to storing your files unencrypted on other people's servers though, so if you want privacy, don't do that. Problem solved.

  • The problem is, executives are faced with a choice:

    1) Spend more on IT security.

    2) Get a bigger bonus an buy that yacht to show off to your frenemies.

    Guess which one they almost always pick? The problem is, IT security costs money with no chance of a return. It's what's called a cost center, and thus a dirty word to management because they always want more. Making 4,000 times the salary of their workers isn't sufficient in their eyes.

    • It's not just the cost of security-related technologies, its the extremely burdensome business process slowdowns and changes to accommodate the security changes.

      It's like flying on an airplane. In 1968, you got to the airport and went to the gate and got on the plane, possibly checking a bag. Otherwise, you just got on the plane. On some flights you bought the ticket on the plane.

      Now with airport security? You've got to have a bunch of documents (passport or enhanced driver's license, which both have bu

    • There is a new one now. Buy a ticket to space. Or if you are really motivated and really really rich, start your own space tourism company.
  • MS hosts https://github.com/ParrotSec/m... [github.com] too, which some may say is worse. Shouldn't MS get involved there too, where is the editorial line drawn.

  • Do you really want MS having to inspect everything you store and be responsible for it?
  • Why not disable the built-in encryption in Windows?
  • showing that 95% of 80 million samples analysed — all the way back to January 2020 — were aimed at Windows...

    Ok let's do this. It's been going on for 20 years.

    Someone says, "But Linux is much more secure!"

    I reply, "Probably not if it were under the same level of assault as Windows, continuously by thousands of intelligent, motivated programmers, especially in corrupt countries where officials are more likely to demand a cut than stop it."

    Then someone mods me down.

    • Comment removed based on user account deletion
    • by thousands of intelligent, motivated programmers, especially in corrupt countries where officials are more likely to demand a cut than stop it.

      Having lived and worked in a number of "corrupt" countries, I've never seen any of them having anything like the level of population surveillance that Americans seem to be all in favour of, which would allow an "official" to even be aware that a particular person was running a malware scam, let alone give them powers to stop it or demand a cut.

      Of course, there are

      • by gTsiros ( 205624 )

        ... Who are you o_o ?

        • Me.

          Who are you? And why do you think that the shining stars of the diplomatic world (according to their own PR departments) are significantly less corrupt than others? Corruption being, of course, one of the prime functions of capitalist society (and it's covering up one of the prime functions of PR departments everywhere).

          • by gTsiros ( 205624 )

            Hi! I'm George. I'm convinced humanity is, by nature, doomed. Within, what? A one-thousandth of life's life we managed to destabilize the entire planet's ecosystem. We are a toddler with a live hand-grenade.

            The only question now is, will we also take everything else down with us in the process?

            • The dominant life forms on Earth are now, and always have been (since life's origin) monocellular microbes of one or other form. These johnny-come-lately multicellular organisms - including those disgusting perverts with endosymbiotes - are going to die long before we do.

              Humans are eukaryotes, aren't they? Latecomers.

  • It certainly has been for me for the last 20-odd years - every account or user it touches, it tries (by various means, technical and psycho-social) to spread itself to anyone that account or user contacts. Classic malware.

    So, if MS have started to get into the "online hard drive" business, is anyone surprised that it hosts malware?

  • What do you expect from the company that is the #1 spam hosting network in the world ?

    https://www.spamhaus.org/stati... [spamhaus.org]

    Security to M$ has always been a joke and an afterthought. The ONLY time they pay attention to security is when they get humiliated and exposed as clowns.

  • I'm always getting shares from scammers who are trying to get me to open some document or another.
  • That must be the "Big Lie" technique at work. Because they are clearly exactly the opposite: Responsible for a major part of todays security problems.

The best defense against logic is ignorance.

Working...