Multiple threat actors using OneDrive in campaigns: infosec expert – iTWire

Information security expert Kevin Beaumont has continued highlighting the way in which Microsoft hosts ransomware on its own properties, pointing out that there are multiple threat actors using OneDrive in campaigns, with direct links to the platform.

With a touch of sarcasm, Beaumont added: “Was just talking to @ffforward, [another security professional] they made the point that Microsoft took legal action against Trickbot C2s as they said ISPs were too slow at dealing with abuse complaints…

“Maybe we can start a GoFundMe for Microsoft to take legal action against itself?”

In fairness to Microsoft they’ve taken 3 Bazarloader sites offline (out of hundreds reported) after 5 days and a very public Twitter thread.

Trillions of signals, 8000 security staff and $10bn a year in security revenue, leads to hosting ransomware ops – might need some work. https://t.co/WbvOEVzQzy

— Kevin Beaumont (@GossiTheDog) October 17, 2021

As iTWire reported on Sunday, Beaumont raised the issue of Microsoft hosting malware on its own servers for years in a Twitter thread, saying: “Microsoft cannot advertise themselves as the security leader with 8000 security employees and trillions of signals if they cannot prevent their own Office365 platform being directly used to launch Conti ransomware. OneDrive abuse has been going on for years. Fix it.”

Microsoft OneDrive is a file-hosting service and synchronisation service operated by the company as part of its Web version of Office, according to Wikipedia.

Beaumont was employed by Microsoft as a security threat analyst until he quit a few months back. He is well-known in the security community for his educated, incisive and informative comments about security incidents on Twitter and also his keen sense of humour.

In 2019, he christened a Microsoft vulnerability that was susceptible to a worm attack as Bluekeep, and the name has stuck.

Beaumont did not hold back as he continued to prosecute his case on Twitter.

In response to a tweet from a Swiss researcher, who posts under the handle @abuse.ch, he said: “In fairness to Microsoft they’ve taken 3 Bazarloader sites offline (out of hundreds reported) after 5 days and a very public Twitter thread.

“Trillions of signals, 8000 security staff and $10bn a year in security revenue, leads to hosting ransomware ops – might need some work.”

iTWire has contacted Microsoft for comment.

if this is going on next week and I’m still dealing with the fallout as a customer I’ll get my video camera out and make a crowdfunding campaign video for DCU.

— Kevin Beaumont (@GossiTheDog) October 18, 2021


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
