
Total Tech Care Blog


What You Need to Know About the Massive SolarWinds Hack


2020 has been filled to the brim with adversity, and just as we’ve mercifully arrived at the end, the largest and most brazen cyberespionage attack ever has been carried out. Today, we’ll tell you what we know about the attack, what problems it caused, and what we should learn from it going forward.

How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many state and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had, on SolarWinds’ recommendation, excluded Orion products from their security checks so that their other security products would not shut Orion down based on the malware signatures those products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second piece of malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing it does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted to unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

We may not know the scope of these attacks for a while. That shouldn’t stop you from reaching out to the IT professionals at Total Tech Care to get an assessment and a consultation. Call us today at 866-348-2602 to get started protecting your network, infrastructure, and data.

 
