
Wyden urges FTC to investigate Microsoft over Ascension cyberattack


Dive Brief:

  • Sen. Ron Wyden, D-Ore., urged the Federal Trade Commission to investigate Microsoft for allegedly enabling last year's massive cyberattack on the St. Louis-based health system.
  • In a letter to FTC Chairman Andrew Ferguson, Wyden alleged the tech giant contributed to the attack by offering "dangerous software" to its customers, "including the health sector."
  • The ransomware attack on Ascension, one of the largest nonprofit health systems in the country, took critical technology systems offline for weeks, forced some facilities to divert ambulances and exposed the sensitive health data of 5.5 million people.

Dive Insight:

Microsoft has a "de facto monopoly" with its Windows operating system, given its use by most companies and government agencies, according to Wyden, an influential senator who has frequently drawn attention to the health sector's cybersecurity challenges.

But he argues that Windows' default configuration is vulnerable to ransomware attacks, leaving customers exposed to an organization-wide cyberattack if just one worker clicks the wrong link. Meanwhile, the tech giant "has completely failed to stop or even slow down the scourge of ransomware enabled by its dangerous software," Wyden said.

The Ascension cyberattack is an example of the potential damage, according to the letter. The health system told Wyden's staff that a contractor using an Ascension laptop had run a search on Microsoft's Bing search engine in February 2024 and inadvertently clicked a link containing malware.

The hackers were then able to move through Ascension's entire network and obtain administrative privileges over user accounts managed by the Microsoft Active Directory server, which allowed them to distribute ransomware to thousands of other computers.

The attackers gained this access using a technique called "Kerberoasting," which exploits an insecure 1980s encryption technology called RC4, Wyden wrote. In a Kerberoasting attack, any authenticated user requests Kerberos service tickets for accounts that have service principal names and then cracks those tickets offline; a ticket issued with RC4 is encrypted under a key that is simply the unsalted NT hash of the service account's password, which makes guessing that password far cheaper than attacking an AES-encrypted ticket, whose key is derived from the password with salting and thousands of hashing rounds.

Although Microsoft supports stronger encryption, it is not enabled by default in Windows, according to the letter. And while the tech giant has published a blog post on how organizations can protect themselves and has promised to release a software update that will disable RC4, the update has not yet arrived, Wyden wrote.
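The check a defender would want alongside the two paragraphs above is a detection for the Kerberoasting pattern itself, which shows up in Windows Security Event ID 4769 (a Kerberos service ticket was requested) as one client pulling RC4-encrypted tickets for many service accounts in quick succession. The following is an added example written for this page; it is not code from the article, from Microsoft, or from Wyden's letter. It runs on a constructed, simplified key=value rendering of 4769 records (not a real EVTX export, though the field names follow the 4769 schema), and `rc4_allowed` encodes the default the article describes, namely that an account whose `msDS-SupportedEncryptionTypes` attribute is unset can still be issued RC4 tickets on domains predating the Windows Server 2025 change.

```python
"""Detecting Kerberoasting from Windows Security Event ID 4769 records.

Added example for this page; not code from the article, Microsoft, or
Wyden's letter. Input is a constructed 'key=value' rendering of 4769
events (not a real EVTX export); field names follow the 4769 schema.
"""
from collections import defaultdict

# TicketEncryptionType codes as logged in Event 4769 (Kerberos etype numbers).
ETYPE_NAMES = {
    0x01: "DES-CBC-CRC",
    0x03: "DES-CBC-MD5",
    0x11: "AES128-CTS-HMAC-SHA1-96",
    0x12: "AES256-CTS-HMAC-SHA1-96",
    0x17: "RC4-HMAC",
    0x18: "RC4-HMAC-EXP",
}
# RC4 and DES tickets are keyed directly from the account's NT hash or a DES
# key, so they are the ones that crack cheaply offline.
WEAK_ETYPES = {code for code, name in ETYPE_NAMES.items()
               if name.startswith(("DES", "RC4"))}


def rc4_allowed(supported_etypes):
    """True if an account with this msDS-SupportedEncryptionTypes value can be
    issued RC4 service tickets. 0/None means the attribute is unset and the KDC
    default applies; on domains predating the Server 2025 change described in
    the article that default still permits RC4 (bit 0x04)."""
    if not supported_etypes:
        return True
    return bool(supported_etypes & 0x04)


def parse_4769(text):
    """Parse constructed 'key=value key=value' lines into dicts, skipping blanks."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(tok.split("=", 1) for tok in line.split())
        fields["TicketEncryptionType"] = int(fields["TicketEncryptionType"], 16)
        events.append(fields)
    return events


def is_roastable_target(service_name):
    """Machine accounts (names ending in '$') and krbtgt have long random
    passwords and are not useful Kerberoasting targets; user-owned SPN
    accounts are."""
    return not service_name.endswith("$") and service_name.lower() != "krbtgt"


def find_kerberoasting(events, min_services=3, etypes=WEAK_ETYPES):
    """Return {(requesting user, client IP): sorted service names} for each
    client that obtained tickets with a weak etype for at least `min_services`
    distinct user service accounts. One RC4 ticket is normal for a legacy
    service; a burst across many SPN accounts is the roast."""
    per_client = defaultdict(set)
    for ev in events:
        if ev.get("Status", "0x0") != "0x0":
            continue  # a failed request carries no crackable ticket
        if ev["TicketEncryptionType"] not in etypes:
            continue
        if not is_roastable_target(ev["ServiceName"]):
            continue
        per_client[(ev["TargetUserName"], ev["IpAddress"])].add(ev["ServiceName"])
    return {client: sorted(svcs) for client, svcs in per_client.items()
            if len(svcs) >= min_services}


# Constructed sample: one workstation pulling RC4 tickets for four SPN accounts
# in a row, one ordinary AES request, and one machine-to-machine RC4 ticket.
SAMPLE_4769 = """
TargetUserName=jdoe@CORP.EXAMPLE ServiceName=svc-sql TicketEncryptionType=0x17 TicketOptions=0x40810000 IpAddress=10.0.5.23 Status=0x0
TargetUserName=jdoe@CORP.EXAMPLE ServiceName=svc-backup TicketEncryptionType=0x17 TicketOptions=0x40810000 IpAddress=10.0.5.23 Status=0x0
TargetUserName=jdoe@CORP.EXAMPLE ServiceName=svc-web TicketEncryptionType=0x17 TicketOptions=0x40810000 IpAddress=10.0.5.23 Status=0x0
TargetUserName=jdoe@CORP.EXAMPLE ServiceName=svc-sharepoint TicketEncryptionType=0x17 TicketOptions=0x40810000 IpAddress=10.0.5.23 Status=0x0
TargetUserName=asmith@CORP.EXAMPLE ServiceName=svc-sql TicketEncryptionType=0x12 TicketOptions=0x40810000 IpAddress=10.0.7.8 Status=0x0
TargetUserName=WS0142$@CORP.EXAMPLE ServiceName=FS01$ TicketEncryptionType=0x17 TicketOptions=0x40810000 IpAddress=10.0.9.1 Status=0x0
"""

if __name__ == "__main__":
    for (user, ip), services in find_kerberoasting(parse_4769(SAMPLE_4769)).items():
        print(f"possible Kerberoasting: {user} from {ip} requested RC4 tickets "
              f"for {', '.join(services)}")
```

Two caveats on using this in practice. First, a lone 0x17 ticket is not an attack; plenty of legacy services still only hold an RC4 key, which is why the rule counts distinct service accounts per client rather than alerting on every RC4 ticket. Second, once service accounts are moved to AES-only (`msDS-SupportedEncryptionTypes` = 0x18), any RC4 ticket for a user service account becomes an anomaly in its own right, and attackers who fall back to requesting AES tickets are slower to crack but still visible to the same burst logic if `etypes` is widened to include 0x11 and 0x12.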

Meanwhile, Microsoft profits by selling additional cybersecurity services, he added.

"At this point, Microsoft has become like an arsonist selling firefighting services to their victims," Wyden wrote. "And yet, government agencies, companies and nonprofits like Ascension have no choice but to keep using the company's software, even after they have been hacked, because of Microsoft's near-monopoly on enterprise IT."

In a statement, Microsoft said it had already removed another encryption standard with problems similar to RC4's. In addition, new Active Directory domain installations using Windows Server 2025 will have RC4 disabled by default starting next year.

"RC4 is an old standard, and we discourage its use both in how we ship our software and in our documentation to customers, which is why it represents less than 0.1% of our traffic," a spokesperson told Healthcare Dive. "However, fully disabling its use would break many customer systems. For that reason, we are on a path to gradually reduce the extent to which customers can use it, while offering strong warnings against it and guidance on the safest path forward. We have it on our roadmap to eventually disable its use."

An FTC spokesperson confirmed the agency had received the letter but said it had no comment. Ascension did not respond to a request for comment by press time.
