Cloud Hosting

Cybersecurity researchers have accused Microsoft of knowingly hosting dangerous malware for years.

The conversation kickstarter was the security researcher known as TheAnalyst, who took to Twitter to call out Microsoft for dragging its feet when it came to removing ransomware facilitating malware hosted on OneDrive.

Does @Microsoft have any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this, now for over three days, asked TheAnalyst.

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

Former Microsoft security analyst Kevin Beaumont joined in the conversation noting that OneDrive has been used for hosting malware for years.

Microsoft cannot advertise themselves as the security leader with 8000 security employees and trillions of signals if they cannot prevent their own Office365 platform being directly used to launch Conti ransomware. OneDrive abuse has been going on for years, noted Beaumont.

Beaumont continued, explaining that getting things taken down from OneDrive is a nightmarish process. He went as far as to cite Microsofts rather slow reaction times to refer to it as the worlds best malware hoster for about a decade.

However, reporting on the development, HotHardware notes that using cloud storage services to host malware is a problem that plagues other vendors as well. In fact, according to a research by the Bern University of Applied Sciences, Google Cloud and Cloudflare are currently among the top online malware hosting networks.

Beaumont agrees that the problem isnt exclusive to Microsoft, calling on all tech companies have got to do better.

According to security experts that TechRadar Pro spoke to, the issue isnt as simple to fix as it sounds.

Morey Haber, chief security officer, with cybersecurity vendor BeyondTrust, argues that thanks to the prevailing privacy-paramount atmosphere, it wouldnt take much effort for anyone to get away with uploading malware to their private online storage.

The question is, does the online provider have the authority or responsibility to assess the files, in a private instance, for malware or potential illegal activity? And, if they do, how much authority do they have to assess anything for any type of legal issues? Simply, where does the cloud service provider start and stop being a representative for law enforcement, asks Haber.

He continues that of course if the malware in the cloud is publicly accessible, or accessible to large quantities of people, or being served to individuals as a part of an attack or other illegal activity, it is established procedure for the cloud provider to take them down immediately.

However, in his opinion assessing a private instance shouldnt be subject to the same legal paradigm. This would perhaps explain the inaction of the cloud providers against the malware hosted in the threat actors private silos.

Via HotHardware

Go here to read the rest:
Cloud storage services are riddled with malware, and theres little they can do about it - TechRadar