A British tech researcher, who quit working as a security threat analyst with Microsoft a few months back, has called on his former employer to act swiftly and remove links to ransomware on its Office365 platform. Bet you didn’t see that coming, did you?
Former Microsoft employee exposes ransomware scheme
In a tweet sent on Friday, Beaumont said that Microsoft cannot advertise itself as the security leader with 8000 security employees and trillions of signals if it cannot prevent its own Office365 platform from being directly used to launch Conti ransomware. He was, of course, responding to a tweet from an infosec professional using the handle TheAnalyst (@ffforward).
Check out Microsoft’s average reaction time (to abuse reports). They’re world’s best malware hoster for about a decade, due to O365. pic.twitter.com/95Riv0kmDg — Kevin Beaumont (@GossiTheDog) October 15, 2021
According to the security company Palo Alto Networks, BazarLoader (sometimes referred to as BazaLoader) is malware that provides backdoor access to an infected Windows host. After a client is infected, criminals use this backdoor access to send follow-up malware, scan the environment and exploit other vulnerable hosts on the network.
An overwhelming majority of ransomware attacks only Windows: an analysis by the staff of the Google-owned VirusTotal database last Thursday put the figure at 95% of the 80 million samples analyzed. VirusTotal is a site where security researchers can submit any ransomware they find and have it scanned by anti-virus engines to see if it can be identified.
Beaumont, who has a well-earned reputation as a researcher who is quick to admit faults in his own industry, acknowledged that other technology companies also played a big role in hosting malware. He also said that there’s somebody in the replies from Microsoft saying when things are detected by Defender, they’re automatically taken down in OneDrive. That’s categorically not true, that functionality isn’t there. Microsoft needs to have a long, hard look at this problem. BazarLoader had moved from Google Drive to OneDrive, according to these recent allegations.
For the record, the oldest active malware site with an age of 19 months is hosted on Sharepoint and serving GuLoader: 👉 https://t.co/QGqi21z7JO pic.twitter.com/7FlkaZasP4 — abuse.ch (@abuse_ch) October 16, 2021
Asked by Lee Holmes, the principal security architect for Azure Security, whether he had reported this to Microsoft, Beaumont said the Swiss researcher had done so. Beaumont added that Microsoft’s attitude towards the presence of malware on its Office365 platform had been like that for years.
However, this is not a Microsoft-exclusive problem nor a new issue, as we have seen malware hosted on other platforms in the past. According to research by the Bern University of Applied Sciences, Google and Cloudflare are currently among the top online malware-hosting networks. As such, the entire tech industry needs to be better about finding malicious content hosted on its servers before looking elsewhere for problems.
In any case, hopefully, this incident will drive Microsoft to decisive action that can help protect millions of people and thousands of organizations from debilitating malware attacks. What’s your take on this whole situation? Share your opinion with us in the comment section below.