“Check out Microsoft’s average reaction time (to abuse reports).
They’re the world’s best malware hoster for about a decade, due to O365.”
BY:
Salvatore Nicci
Technology Analyst / Reporter
PROJECT COUNSEL MEDIA
18 October 2021 (Paris, France) – If you’ve been following our cybersecurity posts, you know that malware on Windows devices has become a real problem in the last few years, specifically with a recent uptick in ransomware. It appears that Microsoft has been trying to combat this issue, though, with updates to Microsoft Defender, so it has more teeth than ever before. However, what if Microsoft is part of the problem too?
Last week in our cybersecurity newsletter we noted that cybersecurity researcher TheAnalyst had a long thread on Twitter that explained how BazarLoader malware leads to ransomware that can severely affect healthcare, among other industries. He then called out Microsoft, asking if the company has “any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this,” alongside an image of what appears to be malicious files being hosted in OneDrive:
To back this up, former Microsoft security analyst Kevin Beaumont replied, saying that Microsoft cannot call itself a security leader due to Office365 and OneDrive abuse happening for years. He continued, explaining that getting things taken down from OneDrive is a nightmare process with rather slow reaction times, making Microsoft the “world’s best malware hoster for about a decade, due to O365″:
NOTE: this is not a Microsoft-exclusive problem nor a new issue, as we have seen malware hosted on other platforms in the past. According to research by the Bern University of Applied Sciences, Google and Cloudflare are currently among the top online malware hosting networks:
As such, the entire tech industry needs to be better about finding malicious content hosted on its servers before looking elsewhere for problems.
Beaumont goes into more detail in “Infosec Expert Beaumont Slams Microsoft Over Hosting Malware for Years”, a wee bit of semi-negative write up. Is the situation as dire as the article suggests? Our cybersecurity sources say “Oh, yeah”. This piece is not what you would call:
• A ringing endorsement for Microsoft security
• An illustration of Microsoft’s approach to Office 365
The write up asserts:
An overwhelming majority of ransomware attacks only Windows, with an analysis by staff of the Google-owned VirusTotal database last Thursday showing that 95% of 80 million samples analysed — all the way back to January 2020 — were aimed at Windows.
How has Microsoft responded? The write up quotes infosec expert Beaumont as saying:
Before the train of MS employees arrive saying ‘just report it’, try getting them and future ones taken down yourselves. I did. It was a disaster.
The write up is a mish mash of quotes and tweets, ad contains a number of interesting (allegedly) true factoids. Not-so-great PR for the company that follows China’s content guidelines? Sure seems like it.