U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to probe Microsoft and hold it responsible for what he called “gross cybersecurity negligence” that enabled ransomware attacks on U.S. critical infrastructure, including against healthcare networks.
“Without timely action, Microsoft’s culture of negligent cybersecurity, combined with its de facto monopolization of the enterprise operating system market, poses a serious national security threat and makes additional hacks inevitable,” Wyden wrote in a four-page letter to FTC Chairman Andrew Ferguson, likening Redmond to an “arsonist selling firefighting services to their victims.”
The development comes after Wyden’s office obtained new information from healthcare system Ascension, which suffered a crippling ransomware attack last year, resulting in the theft of personal and medical information associated with nearly 5.6 million individuals.
The ransomware attack, which also disrupted access to electronic health records, was attributed to a ransomware group known as Black Basta. According to the U.S. Department of Health and Human Services, the breach has been ranked as the third-largest healthcare-related incident over the past year.
According to the senator’s office, the breach occurred when a contractor clicked on a malicious link after conducting a web search on Microsoft’s Bing search engine, causing their system to be infected with malware. Subsequently, the attackers leveraged “dangerously insecure default settings” on Microsoft software to obtain elevated access to the most sensitive parts of Ascension’s network.
This involved the use of a technique called Kerberoasting that targets the Kerberos authentication protocol to extract encrypted service account credentials from Active Directory.
Kerberoasting “exploits an insecure encryption technology from the 1980s known as ‘RC4’ that is still supported by Microsoft software in its default configuration,” Wyden’s office said, adding it urged Microsoft to warn customers about the threat posed by the threat on July 29, 2024.
RC4, short for Rivest Cipher 4, is a stream cipher that was first developed in 1987. Originally intended to be a trade secret, it was leaked in a public forum in 1994. As of 2015, the Engineering Task Force (ETF) has prohibited the use of RC4 in TLS, citing a “variety of cryptographic weaknesses” that allow plaintext recovery.
Eventually, Microsoft did publish an alert in October 2024 outlining the steps users can take to stay protected, in addition to stating its plans to deprecate support for RC4 as a future update to Windows 11 24H2 and Windows Server 2025 –
The accounts most vulnerable to Kerberoasting are those with weak passwords and those that use weaker encryption algorithms, especially RC4. RC4 is more susceptible to the cyberattack because it uses no salt or iterated hash when converting a password to an encryption key, allowing the cyberthreat actor to guess more passwords…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
