
Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

What You Need to Know About the Massive Solarwinds Hack

2020 has been filled to the brim with adversity, and just as we’ve mercifully arrived at the end, the largest and most brazen cyberespionage attack ever has been carried out. Today, we’ll tell you what we know about the attack, what problems it caused, and what we should learn from it going forward.

How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many state and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for its Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had, on SolarWinds’ recommendation, excluded Orion products from their security checks. The exclusion was meant to keep their other security products from shutting Orion down because of the malware signatures those security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second piece of malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing it does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted to unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

We may not know the scope of these attacks for a while. That shouldn’t stop you from reaching out to the IT professionals at Total Tech Care to get an assessment and a consultation. Call us today at 866-348-2602 to get started protecting your network, infrastructure, and data.

 
