
Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

What You Need to Know About the Massive Solarwinds Hack

2020 has been filled to the brim with adversity, and just as we’ve mercifully arrived at the end, the largest and most brazen cyberespionage attack ever has been carried out. Today, we’ll tell you what we know about the attack, what problems it caused, and what we should learn from it going forward.

How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many state and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds’ recommendation, to prevent their other security products from shutting Orion down due to the malware signatures that these security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.
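The alert described above fires when a valid credential is presented from a device the account has never used before. As an added illustration (not from the original post and not FireEye's tooling), the Python below applies that rule to constructed VPN log lines; the log format, field names, users and device IDs are all assumptions.

```python
import re
from collections import defaultdict

# Assumed (constructed) log format: timestamp, then fixed key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn-auth user=(?P<user>\S+) device_id=(?P<device>\S+) "
    r"src_ip=(?P<ip>\S+) result=(?P<result>success|failure)$")

def parse(line):
    """Return the fields as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def build_baseline(lines):
    """Learn user -> known devices from successful logins only."""
    known = defaultdict(set)
    for ev in filter(None, map(parse, lines)):
        if ev["result"] == "success":   # failed attempts never become trusted
            known[ev["user"].lower()].add(ev["device"])
    return known

def detect_new_devices(lines, known):
    """Flag successful logins from a device outside the user's baseline.

    Unknown devices are not learned automatically, so repeat use keeps
    alerting until someone confirms the device and re-baselines.
    """
    alerts, skipped = [], 0
    for line in lines:
        ev = parse(line)
        if ev is None:
            skipped += 1                # count malformed lines for review
            continue
        if ev["result"] != "success":
            continue
        user = ev["user"].lower()       # case-fold so "Bob" matches "bob"
        if ev["device"] not in known.get(user, set()):
            reason = "new_device" if user in known else "no_baseline"
            alerts.append((ev["ts"], user, ev["device"], ev["ip"], reason))
    return alerts, skipped

# Constructed sample data: documentation IP ranges, made-up users and devices.
HISTORY = [
    "2024-01-09T08:01:11Z vpn-auth user=alice device_id=LT-ALICE-01 src_ip=198.51.100.7 result=success",
    "2024-01-09T08:05:40Z vpn-auth user=bob device_id=LT-BOB-01 src_ip=198.51.100.9 result=success",
    "2024-01-09T23:10:02Z vpn-auth user=bob device_id=UNKNOWN-77 src_ip=203.0.113.50 result=failure",
]
TODAY = [
    "2024-01-10T03:14:09Z vpn-auth user=Bob device_id=UNKNOWN-77 src_ip=203.0.113.50 result=success",
    "2024-01-10T08:02:00Z vpn-auth user=alice device_id=LT-ALICE-01 src_ip=198.51.100.7 result=success",
    "truncated or corrupted line",
    "2024-01-10T09:00:00Z vpn-auth user=carol device_id=LT-CAROL-01 src_ip=198.51.100.20 result=success",
]
ALERTS, SKIPPED = detect_new_devices(TODAY, build_baseline(HISTORY))
```

The `no_baseline` reason separates a first-ever login from a known account switching devices, which usually warrants a different response.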

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second piece of malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing it does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted to unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

We may not know the scope of these attacks for a while. That shouldn’t stop you from reaching out to the IT professionals at Total Tech Care to get an assessment and a consultation. Call us today at 866-348-2602 to get started protecting your network, infrastructure, and data.

 
