Since the early 2000s, Microsoft has made it a company-wide endeavor to emphasize security in many of its products. Unfortunately, it seems the company can't keep up with the volume of threats that exist today.
Kevin Beaumont, a former Microsoft Senior Threat Intelligence Analyst, took to Twitter last week to vent his frustrations over what he has seen as OneDrive malware abuse.
In the opening tweet of an informative thread, Beaumont encourages Microsoft, which employs eight thousand security personnel and receives trillions of signals, to do a better job of preventing OneDrive from being a host to Conti ransomware.
Microsoft cannot advertise themselves as the security leader with 8000 security employees and trillions of signals if they cannot prevent their own Office365 platform being directly used to launch Conti ransomware.
OneDrive abuse has been going on for years.
Fix it. https://t.co/GFpbi8KcXB
— Kevin Beaumont (@GossiTheDog) October 15, 2021
Beaumont also shares receipts of report and action times from the OneDrive team, showing that a response from Microsoft can take close to a month after it is contacted about a potential threat.
Even more of an indictment than the molasses-like response times is the claim that Microsoft manages to profit off its delayed reactions.
Amusingly MS consume your API and use it to block things on your lists in their security products (I was on the team doing it), but nobody wants to clean up the network. So get screwed, non-E5.
— Kevin Beaumont (@GossiTheDog) October 15, 2021
As a former Senior Threat Intelligence Analyst, Beaumont also gives some insight into competitors' approaches, and the outlook is just as dire elsewhere. According to third-party analyst firm Abuse.ch, while Microsoft ranks in the top three platforms hosting malware, Google and Discord top the list, and Slack and Pastebin round out the top five. The issue of malware isn't isolated to Microsoft, but Beaumont's criticisms shine a brighter light on the issues the company continuously struggles with.
Furthermore, Microsoft acknowledges Beaumont's observations and agrees that it will need to investigate further improvements to better respond to and prevent the hosting of malware within its products. Microsoft told OnMSFT:
“Abuse of cloud storage is an industry-wide issue and we’re constantly working to reduce the use of Microsoft services to cause harm. We are investigating further improvements to prevent and rapidly respond to the types of abuse listed in this report. We continue to encourage customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers, and we also encourage customers to report abuse using this form.”
However, because this is an industry-wide issue with cloud storage, the company will also need to work with others to come up with more permanent solutions.
Beaumont's Twitter exposé of Microsoft's OneDrive malware abuses does conclude on a positive note, with updates showing Microsoft addressing some of his concerns.
We have good news — after years OneDrive is finally hosting no malware listed on @abuse_ch, and for the first time in history Microsoft have fallen off the top ten malware hosters.
All the Bazaloader, BazaISO and Qakbot TR payloads are gone.
Keep it up MS. Customers are safer. pic.twitter.com/Z126Md3ncO
— Kevin Beaumont (@GossiTheDog) October 19, 2021
Malware in all its forms is an increasing problem for everyone, Microsoft and OneDrive included, but it's good to see both the problems getting some exposure and some progress being made.