Google and MSFT have warned that the US Department of Homeland Security (DHS) has the capacity to conduct “unprecedented” cyberattacks.
In an annual report released today, the two technology giants warn that their vulnerability scanning services are being used to detect a new threat, dubbed “Unprecedented Persistent Vulnerability” (UPV).
According to the report, up to a quarter of the US federal government’s computer systems have been vulnerable to an “unexpectedly high number of known threats” and that up to 40% of US government systems were vulnerable to a “high number of unknown threats.”
Microsoft’s Cyber Intelligence and Incident Response Team (CERT) and Google’s Center for Emerging Threats and Countermeasures (CEPS) were tasked with finding vulnerabilities in software that would allow them to scan the systems for malicious code and attack.
“The threat is growing at an alarming rate, and we have seen this coming for some time,” said Craig Mundie, vice president and general manager of the Google Security team.
We are also working with DHS and other federal agencies to better assess and mitigate the threat to our networks.””
The most critical areas for detection are: network connectivity, system integrity, and critical infrastructures, such as medical facilities, schools, and government buildings.
We are also working with DHS and other federal agencies to better assess and mitigate the threat to our networks.”
Microsoft said that the rise in cyber threats is one reason it decided to move to a cloud-based platform in 2018.
“As cloud computing becomes the norm, companies need to ensure they have all the security tools they need to protect their data and the security and privacy of their employees and customers,” Mundie said.
“This will also help ensure the security, integrity, speed, and security agility that is critical to our future success.”
Google also said it is working with “industry partners and government partners” to develop new tools to protect its customers.
“We have a lot of security tools that are already in use across all our systems, including one we’re working on called Vulnerability Checker.
We’re also using the tools to help us identify and track potential vulnerabilities that we have discovered.
We use them to help ensure our software is secure,” Mundies said.
Microsoft said the report also provides insight into the current state of threat scanning tools and how they can be used to scan systems and protect employees and organizations.
“If a threat is detected, our vulnerability scanning tool automatically creates a report that helps us prioritize our scanning efforts,” Microsoft said.
“While the report highlights a number of potential threats that may have been overlooked, it does not suggest that every threat we have detected is a real threat,” Mundy said.
“We recognize that some vulnerabilities that are not detected may be in other areas of our products and services, so we will continue to monitor them closely for any potential risks.”
Our cybersecurity posture is continually evolving, and while we continue to develop our own scanning tools that help us better protect our customers and our partners, we will always prioritize security and confidentiality over the security or privacy of our customers or partners,” he said.