- Senator Ron Wyden has asked for a probe into Microsoft
- This comes after ransomware attacks, in particular the one on Ascension Healthcare
- Microsoft is accused of “raw neglect of cybersecurity”.
US Senator Ron Wyden has written a letter to the chair of the FTC urging the agency to open an investigation into Microsoft over the company's “negligent cybersecurity” in relation to ransomware attacks against American critical infrastructure.
“I exhort the FTC to investigate Microsoft and to hold the company responsible for the seriousness of the damage which it has caused by the delivery of dangerous and unsafe software to the American government and to critical infrastructure entities, such as those of the American health care sector,” Wyden wrote in the letter to FTC chair Ferguson.
Earlier this year, millions of people were put at risk after Ascension Healthcare disclosed a data breach, probably at the hands of the Cl0p ransomware.
Kerberoasting attacks
Senator Wyden's office has reportedly obtained new information: “The hack started when an entrepreneur clicked on a malicious link after doing a web search on the Microsoft Bing search engine.”
Following this, the entrepreneur's laptop was infected with malicious software. According to the letter, “dangerously insecure default settings on Microsoft software allowed the hackers to obtain very privileged access to the most sensitive parts of the Ascension network”.
“Without timely action, Microsoft's culture of negligent cybersecurity, combined with its de facto monopolization of the business operating system market, is a serious threat to national security and makes hacks inevitable.”
The attacks reportedly used a technique called “Kerberoasting”, which exploits an insecure encryption technology dating all the way back to the 1980s, known as “RC4”. RC4 is still supported by Microsoft software, and Wyden maintains that Microsoft should warn customers of these dangers.
Microsoft has not yet published a fix or update for the vulnerability, and the company has not reached out to warn customers.
“RC4 is an old standard, and we discourage its use both in the way we engineer our software and in our documentation to customers – that is why it represents less than 0.1% of our traffic,” a Microsoft spokesperson told TechRadar Pro.
“However, deactivating its use would completely break many customer systems. For this reason, we are on track to gradually reduce the extent to which customers can use it, while offering strong warnings and advice to use it as safely as possible. We have it on our roadmap to end its use.”