
Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

What You Need to Know About the Massive Solarwinds Hack

2020 has been filled to the brim with adversity, and just as we’ve mercifully arrived at the end, the largest and most brazen cyberespionage attack ever has been carried out. Today, we’ll tell you what we know about the attack, what problems it caused, and what we should learn from it going forward.

How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many state and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

To make matters worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds’ recommendation. The exclusion was meant to keep their other security products from shutting Orion down because of the malware signatures that those security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second piece of malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing it does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the idea that your employees are a huge part of your cybersecurity strategy needs to be reinforced. This attack was only discovered when an employee was alerted to unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

We may not know the scope of these attacks for a while. That shouldn’t stop you from reaching out to the IT professionals at Total Tech Care to get an assessment and a consultation. Call us today at 866-348-2602 to get started protecting your network, infrastructure, and data.

 
