'Microsoft is akin to an arsonist profiting from selling firefighting services,' asserts US senator directing FTC to probe cybersecurity gaps, while Microsoft insists it has solutions
US Senator Ron Wyden brings attention to potential cybersecurity negligence at Microsoft, believing its outdated encryption practices are vulnerable to ransomware attacks.
US Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) urging them to investigate Microsoft for what he characterizes as significant cybersecurity negligence. His concerns mainly focus on an outdated form of encryption that he believes leaves Microsoft’s Windows operating system susceptible to ransomware attacks.
In his letter, Senator Wyden referenced an investigation conducted by his office into a ransomware breach affecting Ascension, a healthcare provider. This breach was attributed directly to the continued support for the RC4 encryption cipher, which has long been considered compromised but remains in use by Microsoft’s Active Directory systems.
“Because of misguided decisions in software engineering by Microsoft, concealed from their customers, a single person within a medical institution clicking a harmful link could lead to a widespread ransomware crisis,” Wyden stated.
The reliance on the RC4 encryption method poses significant risks, particularly highlighted in the Ascension breach, where attackers were able to access sensitive information pertaining to 5.6 million patients.
Senator Wyden has advocated for the FTC to hold Microsoft accountable for the alleged dangers presented by its software engineering practices, stating that the responsibility of the fallout from such negligence ultimately impacts both Microsoft’s customers and the public at large.
