What Can We Learn From the SolarWinds Data Breach?

Jan 6, 2021


“In a statement, President-elect Joe Biden said he would ‘elevate cybersecurity as an imperative across the government’ and ‘disrupt and deter our adversaries’ from undertaking such major hacks.” (cnbc.com)

 

The cyber corruption of network management software provider SolarWinds has affected approximately 18,000 of their 300,000 customers, including companies and government organizations. Given the breadth of this cyber attack, many are asking, “How can we ensure the safety of our data in the future?”

 

Sadly, that question may be about as useful as asking, “How can we rid the world of bad guys?”

 

What Happened?

 

March – June 2020

 

According to SolarWinds, a vulnerability was injected into updates for their Orion products between March and June 2020. It appears that the vulnerability was placed in the build rather than in the source code or in the certificate, as is often the case. This is important to note, as it is one indicator of the sophistication of these hackers.

 

Eighteen thousand Orion users installed the updates, unwittingly opening their data up to the breach.

 

December 2020

 

Orion user FireEye was the first to announce that a nation-state had hacked them. Shortly after that, Reuters reported a data breach at the US Department of the Treasury, followed by a report from the Washington Post that linked the two data breaches as one.

 

“So far, the hackers are known to have at least monitored email or other data within the U.S. departments of Defense, State, Treasury, Homeland Security and Commerce.” (cnbc.com)

 

Can We Blame SolarWinds?

 

No, although they may be used as a scapegoat. SolarWinds appears to have been diligent in using standard cybersecurity practices and took many steps considered above the norm. This malware was particularly sophisticated.

 

The malware left no electronic footprints, meaning there is no ability to see which files had been viewed. No false data was implanted. A timed release was set so that the breach did not activate until after scans of the files were complete (FireEye reported a 14-day period of dormancy), and it appears that each piece of malware distributed was personalized for its victim.

 

“The operational teams appear to have used specific infrastructure for each victim, reducing the usefulness of network-based IOCs.” (SANS.com)

 

How Widespread is the Data Breach?

 

Reuters is reporting that SolarWinds was not the only software company affected. According to the news source: “Another major technology supplier was also compromised by the same attack team and used to get into high-value final targets, according to two people briefed on the matter.” (cnbc.com)

 

According to FireEye: “The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East. We anticipate there are additional victims in other countries and verticals. FireEye has notified all entities we are aware of being affected.”

 

“The Department of Homeland Security said in a bulletin on Thursday the spies had used other techniques besides corrupting updates of network management software by SolarWinds, which is used by hundreds of thousands of companies and government agencies.” (CNBC.com)

 

What’s The Takeaway?

 

The ongoing fear is that this initial malware will open the door to secondary attacks and affect thousands more; however, this breach has brought the focus back to cybersecurity and its importance from the top down. President-elect Biden has promised to make cybersecurity a priority as far as possible.

 

If you are using the Orion software, or if you are unsure, we might be able to help. The Department of Homeland Security's cyber divisions released an Emergency Directive for all Orion users. Tech One IT has cybersecurity experts who can help identify data breaches and initiate the process of getting your organization back to safety.

Email Us: Contact@techoneit.com | Call Us: 480-449-3333

 
