- Senator Ron Wyden has asked for a probe to Microsoft
- This comes after ransomware -attack, especially on Ascension Healthcare
- Microsoft is charged with ‘gross cyber security negligence.’
US Senator Ron Wyden has written a letter to the FTC chairman to urge them to open a study of Microsoft over the company’s ‘negligent cybersecurity’ in relation to ransomware -attack against American critical infrastructure;
“I urge the FTC to investigate Microsoft and hold the company responsible for the serious damage it has caused from delivering dangerous, uncertain software to the US government and to critical infrastructure units, such as those in the US health sector,” Wyden wrote in a letter to FTC chairman Andrew Ferguson.
Earlier this year, millions were left in danger after SOSCENSE HEALTHCARE revealed a data violation, probably in the hands of C10P ransomware.
Carberoasting attack
Senator Wyden’s office has reportedly received new information – “Hacked began when a contractor clicked on a malicious link after doing a web search on Microsoft’s Bing Search engine.”
After this, a contractor’s laptop was infected with malware, which the letter claims was due to “dangerously uncertain default settings on Microsoft software allowed the hackers to eventually gain very privileged access to the most sensitive parts of Ascension’s network.”
“Without timely action, Microsoft’s culture of negligent cyber security combined with its de facto monopolization of the company’s operating system market is a serious national security threat and makes further hacks inevitable.”
The attacks allegedly used something called ‘kerberoasting’ – a technique that exploits uncertain encryption technologies from all the way back in the 1980s known as ‘RC4’. These are still supported by Microsoft Software, and Wyden claims Microsoft should warn customers of such dangers.
Microsoft has not yet released a patch or update for the vulnerability, nor has the company been able to warn customers.
“RC4 is an old standard and we discourage the use of both in how we construct our software and in our documentation to customers – which is why it makes up less than 0 Techradar Pro.
“Disabling the use would completely break many customer systems. For this reason, we are on a way to gradually reduce the extent to which customers can use it while giving strong warnings against it and advice to use it in the safest ways possible. We have it on our roadmap to eventually disable its use. others. ”
