- Senator Ron Wyden has asked for a probe into Microsoft
- This comes after ransomware attacks, particularly against Ascension Healthcare
- Microsoft is accused of ‘gross cybersecurity negligence’.
US Senator Ron Wyden has written a letter to the chairman of the FTC, urging the agency to open an investigation into Microsoft's ‘negligent cybersecurity’ in relation to ransomware attacks against the critical infrastructure of the United States.
“I urge the FTC to investigate Microsoft and hold the company responsible for the serious damage it has caused by offering dangerous and insecure software to the United States government and the critical infrastructure entities, such as those of the United States medical care sector,” Wyden wrote in a letter to FTC Chairman Andrew Ferguson.
Earlier this year, millions were put at risk after Ascension Healthcare revealed a data breach, most likely at the hands of the Cl0p ransomware.
Kerberoasting attacks
According to the reports, Senator Wyden's office obtained new information: “The hack began when a contractor clicked on a malicious link after performing a web search in the Microsoft Bing search engine.”
After this, the contractor's laptop was infected with malware and, according to the letter, “the dangerously insecure predetermined configuration in the Microsoft software allowed the computer pirates to obtain highly privileged access to the most sensitive parts of the Ascension network.”
“Without timely action, Microsoft's negligent cybersecurity culture, combined with its de facto monopolization of the business operating systems market, raises a serious threat to national security and makes additional hacks inevitable.”
According to reports, the attacks used something called ‘Kerberoasting’, a technique that exploits an insecure encryption technology from all the way back in the 1980s known as ‘RC4’. RC4 is still supported by Microsoft software, and Wyden argues that Microsoft should warn customers about such dangers.
Microsoft has so far not released a patch or update for the vulnerability, nor has the company reached out to warn customers.
“RC4 is an old standard, and we discourage its use both in the way we design our software and in our documentation to customers, so it represents less than .1% of our traffic,” a Microsoft spokesman told TechRadar Pro.
“However, disabling its use would completely break many client systems. For this reason, we are on the way to gradually reduce the degree to which customers can use it, while providing strong warnings and advice to use it as safely as possible. We have it on our road map to finally deactivate its use. We have committed to the senator’s office on this problem and we will continue listening to and answering questions from them or others.”
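For defenders, the continued RC4 support described above is visible in domain controller logs: Kerberos service ticket requests (Windows Security event ID 4769) record the ticket encryption type, and 0x17 is RC4-HMAC. The Python below is an added example, not from the original article, the letter or Microsoft; the flattened JSON-lines export format, the sample events and the burst threshold are constructed assumptions.

```python
import json
from collections import defaultdict

RC4_ETYPES = {0x17, 0x18}  # RC4-HMAC and RC4-HMAC-EXP

# Constructed sample: event ID 4769 records flattened to JSON lines (assumed export format).
SAMPLE_EVENTS = """\
{"EventID": 4769, "TargetUserName": "alice@CORP.EXAMPLE", "ServiceName": "svc-sql", "TicketEncryptionType": "0x12", "Status": "0x0"}
{"EventID": 4769, "TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "svc-sql", "TicketEncryptionType": "0x17", "Status": "0x0"}
{"EventID": 4769, "TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "svc-backup", "TicketEncryptionType": "0x17", "Status": "0x0"}
{"EventID": 4769, "TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "svc-web", "TicketEncryptionType": "0x17", "Status": "0x0"}
{"EventID": 4769, "TargetUserName": "carol@CORP.EXAMPLE", "ServiceName": "svc-legacy", "TicketEncryptionType": "0x17", "Status": "0x0"}
{"EventID": 4769, "TargetUserName": "dave@CORP.EXAMPLE", "ServiceName": "FILESRV01$", "TicketEncryptionType": "0x17", "Status": "0x0"}
{"EventID": 4769, "TargetUserName": "bob@CORP.EXAMPLE", "ServiceName": "svc-hr", "TicketEncryptionType": "0xffffffff", "Status": "0x1b"}
"""

def rc4_service_tickets(lines):
    """Yield successful 4769 events where a user-account service ticket used RC4."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 4769 or ev.get("Status") != "0x0":
            continue  # other event types and failed requests are out of scope here
        service = ev.get("ServiceName", "")
        # Machine accounts (trailing $) and krbtgt use long random keys; skip them.
        if service.endswith("$") or service.lower() == "krbtgt":
            continue
        if int(ev.get("TicketEncryptionType", "0x0"), 16) in RC4_ETYPES:
            yield ev

def summarize(lines, burst_threshold=3):
    """Return (requester -> sorted RC4 services, requesters at or over the threshold)."""
    by_requester = defaultdict(set)
    for ev in rc4_service_tickets(lines):
        by_requester[ev["TargetUserName"]].add(ev["ServiceName"])
    services = {who: sorted(svcs) for who, svcs in by_requester.items()}
    bursts = sorted(who for who, svcs in services.items() if len(svcs) >= burst_threshold)
    return services, bursts

if __name__ == "__main__":
    services, bursts = summarize(SAMPLE_EVENTS.splitlines())
    for who, svcs in services.items():
        flag = "BURST" if who in bursts else "review"
        print(f"{flag}: {who} requested RC4 tickets for {', '.join(svcs)}")
```

A single RC4 request, such as the constructed `svc-legacy` case, usually points at a legacy dependency to migrate, while one account collecting RC4 tickets for several services in a short window is the pattern worth investigating first.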