Security Threat Analyst Accuses Microsoft of Hosting Malware on Office365's OneDrive (itwire.com) 52
Slashdot reader juul_advocate quotes ITWire:
A British tech researcher, who quit working as a security threat analyst with Microsoft a few months back, has called on his former employer to act speedily to remove links to ransomware on its Office365 platform. In a tweet sent on Friday, Beaumont said: "Microsoft cannot advertise themselves as the security leader with 8,000 security employees and trillions of signals if they cannot prevent their own Office365 platform being directly used to launch Conti ransomware. OneDrive abuse has been going on for years. Fix it...."
An overwhelming majority of ransomware attacks only Windows, with an analysis by staff of the Google-owned VirusTotal database last Thursday showing that 95% of 80 million samples analysed — all the way back to January 2020 — were aimed at Windows... Beaumont, who has a well-earned reputation as a researcher who is quick to admit faults in his own industry, acknowledged that other technology companies also played a big role in hosting malware. Quoting a tweet from a Swiss researcher [given below], he said: "And yes, it's not just Microsoft. Tech companies have got to do better."
An overwhelming majority of ransomware attacks only Windows, with an analysis by staff of the Google-owned VirusTotal database last Thursday showing that 95% of 80 million samples analysed — all the way back to January 2020 — were aimed at Windows... Beaumont, who has a well-earned reputation as a researcher who is quick to admit faults in his own industry, acknowledged that other technology companies also played a big role in hosting malware. Quoting a tweet from a Swiss researcher [given below], he said: "And yes, it's not just Microsoft. Tech companies have got to do better."
Beware of unintended consequences (Score:2)
Removing information can have severe consequences too, either due to false positives or because the links are in working documents of security researchers.
Re: (Score:2)
Re: (Score:2)
Security researchers should not be storing their work on a cloud drive without backups.
If they cry, I'm gonna laugh.
Re: Beware of unintended consequences (Score:2)
OneDrive is pushed as the only backup service you need.
Re: (Score:2)
I always take explicit steps to disable and uninstall OneDrive.
Re: (Score:2)
Same here- it's an annoyance at best and a disaster at worst.
Re: (Score:2)
OneDrive is pushed as the only backup service you need.
For now. Microsoft will be launching TwoDrive in the hear future -- for OneDrive users that want to be sure...
Re: Beware of unintended consequences (Score:4, Insightful)
The problem is actually far simpler. What i store on my disks, be them offline or online, is not something i want Microsoft, or anyone else for this matter, to investigate, block or delete. It is my stuff, it can be legal or illegal, but it is still my private stuff and it belongs to me.
Until cloud companies decide if they want to be the police of the world or a freaking company offering disk space to their users they will simply be seen as unreliable spies. Don't look at my data, not manually not automatically, it is not yours. It is as simple as that.
you have an internal conflict problem (Score:2)
Re: you have an internal conflict problem (Score:2, Insightful)
Perhaps it is because I'm european and i consider privacy a serious issue, but that's the minimum requirement i expect if i trust someone with my data.
It should be pretty obvious to anyone offering space "on the cloud" that the only way their business model has a chance to work is to not threat their users as little children who need to be protected for their own sake.
Is it so odd to ask that MY data remains mine and private? I don't think so. I believe this is a quite basic request, something that anyone w
A happy medium (Score:2)
That said, I’m gradually pulling all my data off the Internet, as it is far less expensive to buy BluRay discs and permanently double-archive things while keeping full local copies on a minimum of
Re: (Score:2)
Is it so odd to ask that MY data remains mine and private?
In short, yes. The world is full of people who won't respect your privacy, and the only reasonable way to even attempt to ensure it is to use strong crypto responsibly.
Re: (Score:2)
The point is that cloud providers only claim that they offer private space. And they likely do it only in their advertisement and not in their contracts and license agreements. Above all, they (and their employees) can look at it and therefore it is not private. If you want private data online then host them yourself so that you have control over who has access to the data. Host only public data (or fully encrypted data) on a service run by somebody else.
You are putting way too much trust into cloud provid
Re: Beware of unintended consequences (Score:2)
The problem is Microsoft is
- Second largest (and closing fast on #1) cloud provider in the world
- Maker of the most targetted OSs by criminals in the world
- One of the largest enterprise cybersecurity companies in the world.
The goals of the latter two business units are not always aligned with the first. An analogy would be if a company was huge in both renting storage lockers and running retail stores, found out that a string of gangs were storing their stolen goods from the stores in said storage lockers.
Re: (Score:2)
Then you probably haven't generated a public link for those files - there is no major safety reason to scan them. It's not about being the police, it's about accidentally being a major vendor to the cartel.
Virtually no ransomware attacks are going to tell you to click a OneDrive link and then provide you a Microsoft account user ID and password for download.
Re: (Score:2)
The thing is, they own a huge email platform - two of them, in fact. All they have to do is scan OneDrive links in received emails and if they are a threat and go to more than x recipients, automate handing that over to OneDrive and blocking the link.
Or better yet, just scan every OneDrive file and post a huge warning before download. Won't stop legitimate research work, but MOST dumb end users will stop before downloading if the warning is scary enough.
Re: As Sunday gets closer (Score:1)
Tell me, do you get blue balls from such a raging man crush?
So what's the deal? (Score:1)
Do you have to open a file (which comes from where?)? Or just log into OneDrive and it pops?
Re: (Score:2)
Re: (Score:2)
Microsoft could easily put malware in a quarantine folder that you can review. Of course, those serial offenders should be investigated (by a human), and if found spreading malware, their accounts should be suspended and their info sent the authorities.
Re: So what's the deal? (Score:2)
right. can't Microsoft tell the difference between a private and public file? then simply apply a scan/quarantine. if this is for security researchers, they should be shared in a group and not public facing. Not hard to email A researcher and ask for access to the group
Re: (Score:2)
Re: (Score:2)
In terms of a criminal act, intent matters. I agree, if you are actively sharing malware then you are responsible - whether that is a criminal act or not may be more subtle. If someone hacks your account and starts sharing malware are you responsible? If Microsoft has another supply chain attack and someone takes over everything are you responsible? If someone signs up for Office365 with a fake name and pre-paid card and then starts serving malware will it be easy to find a prosecute that person?
Microsof
Is that really what you want? (Score:2)
Re: (Score:2)
Yeah, but if the researcher can inspect them they are not all that private, are they?
Re: Is that really what you want? (Score:2)
Only the stupid ones, the ones that don't get there concept of "my stuff is none of your business". This kind of shit is why people don't trust cloud services (and rightly so). I don't want my tools to spy on my or decide what kind of data I'm allowed to own. My tools have to work for me, not against me, it doesn't matter if i use them for legal or even illegal purposes.
Re: (Score:2)
Fixing this problem only requires that Microsoft inspect publicly accessible files, which are publicly accessible and thus not secret by definition. There is frankly no privacy implication to that.
There is a privacy implication to storing your files unencrypted on other people's servers though, so if you want privacy, don't do that. Problem solved.
Executives are the Problem (Score:2)
The problem is, executives are faced with a choice:
1) Spend more on IT security.
2) Get a bigger bonus an buy that yacht to show off to your frenemies.
Guess which one they almost always pick? The problem is, IT security costs money with no chance of a return. It's what's called a cost center, and thus a dirty word to management because they always want more. Making 4,000 times the salary of their workers isn't sufficient in their eyes.
Re: (Score:2)
It's not just the cost of security-related technologies, its the extremely burdensome business process slowdowns and changes to accommodate the security changes.
It's like flying on an airplane. In 1968, you got to the airport and went to the gate and got on the plane, possibly checking a bag. Otherwise, you just got on the plane. On some flights you bought the ticket on the plane.
Now with airport security? You've got to have a bunch of documents (passport or enhanced driver's license, which both have bu
Re: (Score:2)
Github's owned by MS (Score:2)
MS hosts https://github.com/ParrotSec/m... [github.com] too, which some may say is worse. Shouldn't MS get involved there too, where is the editorial line drawn.
Re: (Score:2)
So you're saying it's a terrible thing that Microsoft doesn't abuse their ownership of GitHub to censor security researchers?
Um, no.
Well it shouldn't exist as a thing. Last time I looked, MS denied it was a problem, yet history of WannaCry shows us otherwise.
Er, it's storage (Score:1)
Why not disable built-in encryption (Score:1)
[Insert clickbait title here] (Score:1)
Ok let's do this. It's been going on for 20 years.
Someone says, "But Linux is much more secure!"
I reply, "Probably not if it were under the same level of assault as Windows, continuously by thousands of intelligent, motivated programmers, especially in corrupt countries where officials are more likely to demand a cut than stop it."
Then someone mods me down.
Re: (Score:1)
Re: (Score:2)
Having lived and worked in a number of "corrupt" countries, I've never seen any of them having anything like the level of population surveillance that Americans seem to be all in favour of, which would allow an "official" to even be aware that a particular person was running a malware scam, let alone give them powers to stop it or demand a cut.
Of course, there are
Re: (Score:2)
... Who are you o_o ?
Re: (Score:2)
Who are you? And why do you think that the shining stars of the diplomatic world (according to their own PR departments) are significantly less corrupt than others? Corruption being, of course, one of the prime functions of capitalist society (and it's covering up one of the prime functions of PR departments everywhere).
Re: (Score:2)
Hi! I'm George. I'm convinced humanity is, by nature, doomed. Within, what? A one-thousandth of life's life we managed to destabilize the entire planet's ecosystem. We are a toddler with a live hand-grenade.
The only question now is, will we also take everything else down with us in the process?
Re: (Score:2)
Humans are eukaryotes, aren't they? Latecomers.
Isn't Office still classified as malware? (Score:2)
So, if MS have started to get into the "online hard drive" business, is anyone surprised that it hosts malware?
M$ - The worst spammer network in the world (Score:2)
What do you expect from the company that is the #1 spam hosting network in the world ?
https://www.spamhaus.org/stati... [spamhaus.org]
Security to M$ has always been a joke and an afterthought. The ONLY time they pay attention to security is when they get humiliated and exposed as clowns.
Google Drive isn't much better (Score:2)
MS claims to be a "security leader"? (Score:2)
That must be the "Big Lie" technique at work. Because they are clearly exactly the opposite: Responsible for a major part of todays security problems.