
FRS Pros Blog

SolarWinds Hack - Everything You Need to Know About The Largest Cyber Attack of All Time


True to form, 2020 has given us a final parting gift: the news that the United States was targeted this year by the biggest cyberespionage attack ever. Let’s go into the ramifications of this attack, and what it should teach us going forward.

How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many state and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had, on SolarWinds’ recommendation, excluded Orion products from their security checks so that their other security products would not shut Orion down based on the malware signatures those products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.
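The kind of alert described above, a successful login with a user's credentials from a device not previously seen for that user, shown as an added example; it is not from the original post or from FireEye. The log format, field names and sample values are constructed for illustration, and trusting the first device seen per user is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample VPN authentication log; the format and all values are hypothetical.
SAMPLE_LOG = """\
2020-11-02T08:01:10Z user=alice device=LT-ALICE-01 src=198.51.100.7 result=success
2020-11-02T08:05:44Z user=bob device=LT-BOB-01 src=198.51.100.9 result=success
2020-11-03T08:02:31Z user=alice device=LT-ALICE-01 src=198.51.100.7 result=success
2020-11-03T22:40:02Z user=alice device=PHONE-7F3A src=203.0.113.50 result=failure
2020-11-03T22:41:15Z user=alice device=PHONE-7F3A src=203.0.113.50 result=success
2020-11-04T09:00:00Z user=carol device=LT-CAROL-01 src=198.51.100.12 result=success
2020-11-04T23:10:09Z user=alice device=PHONE-7F3A src=203.0.113.50 result=success
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) device=(?P<device>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>success|failure)$"
)

def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            yield match.groupdict()

def new_device_alerts(log_text):
    """Return one alert per (user, device) for successful logins from an unenrolled device."""
    enrolled = defaultdict(set)   # devices trusted for each user
    reported = set()              # (user, device) pairs already alerted on
    alerts = []
    for event in parse(log_text):
        if event["result"] != "success":
            continue  # a failed attempt does not enrol a device or show working credentials
        user, device = event["user"], event["device"]
        if not enrolled[user]:
            enrolled[user].add(device)  # assumption: first device seen is the user's own
        elif device not in enrolled[user] and (user, device) not in reported:
            reported.add((user, device))  # never auto-enrol: the device stays untrusted
            alerts.append({k: event[k] for k in ("ts", "user", "device", "src")})
    return alerts

if __name__ == "__main__":
    for alert in new_device_alerts(SAMPLE_LOG):
        print("NEW DEVICE", alert)
```

The unknown device is never enrolled automatically, so it remains untrusted until someone reviews the alert, while repeat logins from it do not generate duplicate alerts.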

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second piece of malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing it does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted to unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

While we likely will not know how deeply this threat went for some time, you can at least be sure that FRS Pros is here to help keep your IT as safe as possible. If you have any questions for us regarding your business’ technology, do not hesitate to give us a call at 561-795-2000.
