Hold on to your seats and keep your arms inside the carriage at all times, because this ride is about to get bumpy.
- Microsoft is again at the center of a huge high-risk scandal.
- A former security analyst decided to expose the tech giant.
- Office 365 has been intentionally hosting malware for years.
- This could actually be a massive hit for the Redmond company.
A British tech researcher, who quit working as a security threat analyst with Microsoft a few months back, has called on his former employer to act swiftly and remove links to ransomware on its Office365 platform.
Bet you didn’t see that coming, did you?
Former Microsoft employee exposes ransomware scheme
In a tweet sent on Friday, Beaumont said that Microsoft cannot advertise itself as the security leader with 8000 security employees and trillions of signals if it cannot prevent its own Office365 platform from being directly used to launch Conti ransomware.
He was, of course, responding to a tweet from an infosec professional using the handle TheAnalyst.
Before the train of MS employees arrive saying ‘just report it’, try getting them and future ones taken down yourselves. I did. It was a disaster.
Check out Microsoft’s average reaction time (to abuse reports). They’re world’s best malware hoster for about a decade, due to O365. pic.twitter.com/95Riv0kmDg
— Kevin Beaumont (@GossiTheDog) October 15, 2021
According to the security company Palo Alto Networks, BazarLoader (sometimes referred to as BazaLoader) is malware that provides backdoor access to an infected Windows host.
You all have read how #BazarLoader #BazaLoader leads to #ransomware, in particular #conti that doesn’t care that they target healthcare etc? Does @Microsoft have any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this, now for over three days? https://t.co/UxTDYVIXJF pic.twitter.com/uHUxzHRV8W
— TheAnalyst (@ffforward) October 15, 2021
After a client is infected, criminals use this backdoor access to send follow-up malware, scan the environment and exploit other vulnerable hosts on the network.
The overwhelming majority of ransomware targets only Windows: an analysis published last Thursday by the staff of the Google-owned VirusTotal database showed that 95% of the 80 million samples analyzed targeted Windows.
VirusTotal is a site where security researchers can submit any ransomware they find and have it scanned by anti-virus engines to see if it can be identified.
Beaumont, who has a well-earned reputation as a researcher who is quick to admit faults in his own industry, acknowledged that other technology companies also played a big role in hosting malware.
He also said that there’s somebody in the replies from Microsoft saying when things are detected by Defender, they’re automatically taken down in OneDrive.
That’s categorically not true, that functionality isn’t there. Microsoft needs to have a long, hard look at this problem.
BazarLoader had moved from Google Drive to OneDrive, according to these recent allegations.
There you go. Let’s see how long it takes for MS to get those 867 malware sites taken down. I’m crossing my fingers 🤞
For the record, the oldest active malware site with an age of 19 months is hosted on Sharepoint and serving GuLoader:
👉 https://t.co/QGqi21z7JO pic.twitter.com/7FlkaZasP4
— abuse.ch (@abuse_ch) October 16, 2021
Asked by Lee Holmes, the principal security architect for Azure Security, whether he had reported this to Microsoft, Beaumont said the Swiss researcher had done so.
Their content used to be taken down from Google Drive almost instantly because, we, Microsoft, reported it to Google. It is still online, days later, on OneDrive despite being reported, because Microsoft is fumbling it. Fix it.
Beaumont added that Microsoft’s attitude towards the presence of malware on its Office365 platform had been like that for years.
I had to do things like send to CERT, get nowhere, send to DSRE, get nowhere, cc in managers etc. O365 has https://abuse.ch takedowns pending for months.
However, this is not a Microsoft-exclusive problem nor a new issue, as we have seen malware hosted on other platforms in the past.
@ffforward Did you report these? There are extensive systems to address malicious content (including an abuse reporting API) https://t.co/cSRbLEiLKn
— Lee Holmes (@Lee_Holmes) October 15, 2021
According to research by the Bern University of Applied Sciences, Google and Cloudflare are currently among the top online malware-hosting networks.
As such, the entire tech industry needs to be better about finding malicious content hosted on its servers before looking elsewhere for problems.
In any case, hopefully, this incident will drive Microsoft to decisive action that can help protect millions of people and thousands of organizations from debilitating malware attacks.
What’s your take on this whole situation? Share your opinion with us in the comment section below.