Login | Register 
Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Print

What You Need to Know About the Massive Solarwinds Hack

Total Tech Care Blog Alerts
0 Comments
What You Need to Know About the Massive Solarwinds Hack

2020 has been filled to the brim with adversity and just as we’ve mercifully arrived to the end, the largest and most brazen cyberespionage attack ever has been carried out. Today, we’ll tell you what we know about the attack, what problems it caused, and what we should learn from it going forward.

 How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds’ recommendation to prevent their other security products from shutting them down due to the malware signatures that these security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted of unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

We may not know the scope of these attacks for a while. That shouldn’t stop you from reaching out to the IT professionals at Total Tech Care to get an assessment and a consultation. Call us today at 866-348-2602 to get started protecting your network, infrastructure, and data.

Tweet
Tags:
Security Network Security Vendor
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, 20 April 2024
If you'd like to register, please fill in the username, password and name fields.

Blog Categories

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Software Efficiency Business Google Network Security Internet Microsoft Email Malware Backup Workplace Tips Innovation User Tips Data Computer Mobile Devices IT Services Hardware Android VoIP Disaster Recovery communications Smartphones Communication Business Continuity IT Support Miscellaneous Smartphone Mobile Device Browser Small Business Network Productivity Collaboration Quick Tips Cybersecurity Business Management Users Windows Phishing Managed IT Services Upgrade Outsourced IT Ransomware Data Backup Windows 10 Data Recovery Cloud Computing Office Server Save Money Passwords Windows 10 Chrome Gadgets Virtualization Tech Term Saving Money Holiday Social Media Managed IT Services Microsoft Office Managed Service Automation Operating System Artificial Intelligence Computers Facebook Cybercrime Hacking Internet of Things Wi-Fi BYOD Mobile Device Management Networking IT Support Health Spam Alert Covid-19 Information Office 365 Telephone Systems Information Technology Remote Managed Service Provider BDR Social Engineering Mobility Bandwidth Recovery Employer-Employee Relationship Router Law Enforcement Big Data Remote Monitoring Mobile Computing Password Money App History Application Encryption Applications Data Breach Human Resources Remote Computing Blockchain Private Cloud Paperless Office Mobile Office How To Managed IT Apps Office Tips Data Storage Patch Management Training VPN Government Data Security Mouse HaaS Flexibility Marketing Bring Your Own Device Data Management Work/Life Balance WiFi Infrastructure Voice over Internet Protocol IT solutions Entertainment Website Budget Wireless Vulnerability Windows 7 Word Gmail Google Drive Settings Servers Two-factor Authentication Avoiding Downtime Apple Vendor Social Managed Services Software as a Service Display Telephone System Staff User Error Save Time Machine Learning Meetings Connectivity Remote Work Employee/Employer Relationship Cleaning RMM Risk Management Hacker Conferencing End of Support USB The Internet of Things Physical Security Lithium-ion battery Scam Education Safety Data Protection HIPAA Sports Redundancy Firewall Keyboard Vendor Management Virtual Reality Access Control Compliance OneNote Computer Care Managed Services Provider Network Congestion Virtual Assistant Current Events Authentication Database eWaste Document Management Telephony Solid State Drive Wireless Technology Samsung Virus How to Downtime Remote Workers Unified Threat Management Value Processor Update Computer Accessories Data storage Spam Blocking Electronic Medical Records Wearable Technology Automobile Retail Hard Drives Hard Drive Google Docs Instant Messaging Robot Computing Infrastructure Excel Hiring/Firing Identity Theft Going Green Biometrics Computing Printer Virtual Desktop Bluetooth Battery Augmented Reality DDoS Shadow IT Fraud Legal Business Intelligence Digital Signage SharePoint Remote Worker Audit Internet Exlporer Worker IT Consultant IT Management Cryptocurrency Humor Botnet Customer Service PDF IT Plan Environment Procurement Comparison Net Neutrality Workplace Strategy Fax Server Proactive IT Help Desk Unsupported Software CES Printing Best Practice SaaS YouTube Charger Business Technology Black Market Content Management Emails Personal Millennials Cryptomining WIndows 7 Business Owner Sync Printers Point of Sale IaaS Maintenance Smart Office Supply Chain Management NarrowBand Wireless Charging Search Monitoring Bloatware Batteries iPhone Netflix Digitize Two Factor Authentication Workforce Virtual Private Network Windows 8.1 Root Cause Analysis Tablets Cables Windows Server 2008 R2 Music HBO Customer relationships Entrepreneur Knowledge Windows Media Player Files Nanotechnology IT Assessment Telecommuting Manufacturing User PowerPoint Skype Project Management Email Best Practices Shortcut Data loss Chromecast Cortana Troubleshooting Security Cameras Outlook Computer Tips Cost Management Leadership Digital Signature Managed IT Service Social Networking Colocation OneDrive Uninterrupted Power Supply Biometric Security Managing Stress Start Menu Warranty Virtual CIO Screen Mirroring HVAC Peripheral Loyalty Google Apps Books Cameras Frequently Asked Questions Digital Security Cameras Monitor Analysis Using Data Running Cable Mobile Administrator Windows 10s Devices Copiers 5G Cast Enterprise Content Management Quick Tip Memory Reputation webinar Accountants Streaming Media Emergency Smartwatch Tip of the week MSP Ergonomics Content Professional Services Microchip Public Cloud Thought Leadership Development Tech Support Employer Employee Relationship Credit Cards OLED Techology Password Management PCI DSS Laptop Assessment Password Manager Virtual Machine Customers Fiber Optics Multi-Factor Security Employee Printer Server Windows Server 2008 2FA Audiobook Tools Search Engine Twitter Messaging Science Cabling NIST Policy Touchpad Television Business Mangement Hypervisor Smart Tech Trend Micro Trending Dark mode Distributed Denial of Service Politics Customer Relationship Management Advertising Addiction SMS Amazon Default App Procedure Analyitcs Public Computer Recycling Saving Time Programming Practices Shopping Notifications Transportation Google Search Regulations Wiring dark theme Computer Fan Cache AI Rootkit Amazon Web Services IT Infrastructure Bing Safe Mode FinTech Criminal Relocation Workers Hosted Computing Social Network Benefits Antivirus GDPR FENG Wireless Internet Windows 8 Online Shopping Investment Consultant IT service Video Games File Sharing Employees IBM Employee/Employer Relationships Inventory Smart Technology Specifications ISP Analytics Worker Commute Flash Camera Windows 365 Experience Wire Video Conferencing Tablet Evernote ROI Travel Shortcuts Best Available Domains Scalability Software Tips Sales Supercomputer Bitcoin

      Top Blog

      Taking a Vacation From Your Technology While On Vacation Can Actually Make Things Worse
      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      Read More
      QR-Code