094 90 48200    Get SUPPORT

Aniar IT Services Blog

What You Need to Know About the Massive Solarwinds Hack

What You Need to Know About the Massive Solarwinds Hack

2020 has been filled to the brim with adversity and just as we’ve mercifully arrived to the end, the largest and most brazen cyberespionage attack ever has been carried out. Today, we’ll tell you what we know about the attack, what problems it caused, and what we should learn from it going forward.

 How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds’ recommendation to prevent their other security products from shutting them down due to the malware signatures that these security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted of unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

We may not know the scope of these attacks for a while. That shouldn’t stop you from reaching out to the IT professionals at Aniar IT Services to get an assessment and a consultation. Call us today at 094 90 48200 to get started protecting your network, infrastructure, and data.

Net Neutrality and the Digital Future
Is 2021 the Year Your Business Embraces VoIP? (It ...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, January 21 2021

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.aniar.ie/

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Best Practices Productivity Business Computing Cloud Google Efficiency Email Privacy User Tips Workplace Tips Network Security Internet Hosted Solutions IT Support Innovation Microsoft Data Software Communication Mobile Device Hackers Users Hardware VoIP Collaboration Data Backup Smartphones Business Small Business Phishing Data Recovery IT Services Managed IT Services Android Cybersecurity Network Mobile Devices Cloud Computing Computer Tech Term Smartphone Windows 10 Communications Managed Service Malware Gadgets Backup Miscellaneous Windows Outsourced IT Business Continuity Browser Saving Money Artificial Intelligence Passwords Internet of Things Upgrade Spam Business Management BDR Quick Tips Information Disaster Recovery Facebook Office 365 Save Money Chrome Social Media Server Covid-19 Holiday How To Router Automation Wi-Fi BYOD Microsoft Office Applications Computers Data Security Encryption Patch Management Paperless Office Mobile Office Data Storage Word Cybercrime Blockchain Operating System Apps Networking Windows 7 Government Settings Remote Work Virtualization Human Resources Infrastructure Telephone System Mobile Device Management Vendor Staff Ransomware Bandwidth History Remote Two-factor Authentication Vulnerability Display Data Protection Money HIPAA Data Breach Managed IT Connectivity Remote Monitoring CES Procurement Website OneNote Redundancy Voice over Internet Protocol Health Fraud Telephone Systems Unsupported Software Social Engineering Servers Content Management Avoiding Downtime Employee/Employer Relationship Managed Services Net Neutrality Keyboard Wireless VPN WiFi Password Comparison Spam Blocking Help Desk Machine Learning Compliance Digital Signage Google Docs Law Enforcement Processor Bring Your Own Device Cryptocurrency IT Management Software as a Service Augmented Reality Conferencing Training Telephony Vendor Management App Scam Hard Drive Business Intelligence Identity Theft Update Meetings Google Drive Botnet Office Audit Virtual Assistant Education Managed Services Provider Private Cloud IT Plan Sports Big Data Business Technology Access Control Managed IT services Cast Search Engine Travel Supply Chain Management Procedure Proactive IT Evernote Cleaning Cables Trend Micro Recycling Devices Tools Work/Life Balance SMS OLED Using Data Printers Public Cloud Password Management Social Frequently Asked Questions Recovery Batteries PCI DSS Sales Firewall Authentication Start Menu Remote Computing IT Assessment Bing Cache FinTech MSP Practices Sync Default App Multi-Factor Security Shopping Entertainment Warranty eWaste Thought Leadership Virtual Machine Millennials AI Computer Fan Employee Amazon Biometric Security Information Technology Data loss OneDrive Software Tips NIST Excel Virtual Private Network SharePoint Unified Threat Management Windows Server 2008 R2 HVAC Wireless Internet Apple File Sharing ISP Charger Hosted Computing IT Infrastructure Social Network Printer Legal Value Hypervisor Workforce FENG Amazon Web Services Accountants Flash Manufacturing Computing Cortana Alert Specifications Copiers Tip of the week Remote Workers End of Support Mobile Computing Password Manager Nanotechnology USB Peripheral Cryptomining Wireless Charging Inventory Investment Trending Printing YouTube Mouse Criminal Twitter Going Green 5G Google Search HaaS Virtual Reality Professional Services Smart Tech Development Solid State Drive Safe Mode Security Cameras Digital Signature Windows Server 2008 Managed IT Service Smart Office Business Mangement Windows 10s Shortcuts Electronic Medical Records Wire HBO Project Management Quick Tip The Internet of Things RMM Downtime Remote Worker Database Google Apps ROI Personal Hacker Screen Mirroring Microchip Addiction Saving Time Telecommuting Policy Save Time Online Shopping Cabling Fiber Optics Gmail Messaging Physical Security Smartwatch Credit Cards PDF Computer Care Employer-Employee Relationship Document Management Camera Enterprise Content Management Mobility Data Management Outlook Bitcoin Regulations Employees Root Cause Analysis Wiring Workers Skype GDPR Digitize Managing Stress Financial Customer Service Hard Drives Domains Search Windows 10 Public Speaking CrashOverride Presentation Lithium-ion battery Managed Service Provider Wireless Technology Regulation Tech Support Safety IBM Hiring/Firing Productivity Marketing Company Culture Fun Budget Emergency Personal Information Competition Customer Relationship Management IP Address