The conversation kickstarter was the security researcher known as TheAnalyst, who took to Twitter to call out Microsoft for dragging its feet when it came to removing ransomware facilitating malware hosted on OneDrive.
“Does @Microsoft have any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this, now for over three days,” asked TheAnalyst.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
- Take a look at these best alternatives to Microsoft Office
- Check our list of the best firewall apps and services
- Shield yourself with these best identity theft protection services
Former Microsoft security analyst Kevin Beaumont joined in the conversation noting that OneDrive has been used for hosting malware for years.
“Microsoft cannot advertise themselves as the security leader with 8000 security employees and trillions of signals if they cannot prevent their own Office365 platform being directly used to launch Conti ransomware. OneDrive abuse has been going on for years,” noted Beaumont.
It’s the same everywhere
Beaumont continued, explaining that getting things taken down from OneDrive is a nightmarish process. He went as far as to cite Microsoft’s rather slow reaction times to refer to it as the “world’s best malware hoster for about a decade.”
However, reporting on the development, HotHardware notes that using cloud storage services to host malware is a problem that plagues other vendors as well. In fact, according to a research by the Bern University of Applied Sciences, Google Cloud and Cloudflare are currently among the top online malware hosting networks.
Beaumont agrees that the problem isn’t exclusive to Microsoft, calling on all “tech companies have got to do better.”
Not so simple
According to security experts that TechRadar Pro spoke to, the issue isn’t as simple to fix as it sounds.
Morey Haber, chief security officer, with cybersecurity vendor BeyondTrust, argues that thanks to the prevailing privacy-paramount atmosphere, it wouldn’t take much effort for anyone to get away with uploading malware to their private online storage.
“The question is, does the online provider have the authority or responsibility to assess the files, in a private instance, for malware or potential illegal activity? And, if they do, how much authority do they have to assess anything for any type of legal issues? Simply, where does the cloud service provider start and stop being a representative for law enforcement,” asks Haber.
He continues that of course if the malware in the cloud is publicly accessible, or accessible to large quantities of people, or being served to individuals as a part of an attack or other illegal activity, it is established procedure for the cloud provider to take them down immediately.
However, in his opinion assessing a private instance shouldn’t be subject to the same legal paradigm. This would perhaps explain the inaction of the cloud providers against the malware hosted in the threat actor’s private silos.
- Protect your devices with these best antivirus software