facebook linkedin twitter

Computerware Blog

Huge Cybersecurity Breach Affecting Major U.S. Organizations is the Biggest One Yet

Huge Cybersecurity Breach Affecting Major U.S. Organizations is the Biggest One Yet

Honestly, it shouldn’t be surprising that 2020 has come to an end with news of a massive cyberespionage attack—the biggest ever, as a matter of fact. Let’s dive into what we know, and what it signifies.

 How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds’ recommendation to prevent their other security products from shutting them down due to the malware signatures that these security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted of unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

It is going to be some time before it becomes clear how deeply this threat went, assuming it ever does. Regardless, we want you to remember that Computerware is here to help protect your business from as many IT issues as possible so that you can be more productive. To find out more about what we offer, give us a call at (703) 821-8200 today.

Security Tips That Will Help You Hold Your Own
This is What Gives Managed IT Its Value


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Saturday, January 23, 2021

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.cwit.com/

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Tip of the Week Technology Best Practices Business Computing Privacy Software Internet Cloud Data Hackers Business Management Workplace Tips Hardware Network Security Microsoft Productivity Backup Business Hosted Solutions Email Managed Service Provider Productivity IT Services Efficiency Saving Money Malware Innovation Google Small Business User Tips Computer Collaboration IT Support VoIP Data Backup Quick Tips Smartphones Network IT Support Data Recovery Mobile Devices communications Microsoft Office Android Business Continuity Gadgets Disaster Recovery Smartphone Cybersecurity Phishing Communication Social Media Upgrade Mobile Office Server Mobile Device Virtualization Miscellaneous Ransomware Users Managed IT Services Mobile Device Management Passwords Windows Holiday BDR Operating System Vendor Management Apps Internet of Things Tech Term Windows 10 Outsourced IT Remote Monitoring Facebook Unified Threat Management Automation BYOD Mobile Computing Analytics Managed IT services WiFi Data Management Remote Computing Covid-19 Apple Windows 10 Marketing Training Browser Spam Help Desk The Internet of Things Save Money Managed Service History Cloud Computing Artificial Intelligence Firewall Business Technology Bandwidth Big data Encryption Health App Alert Office 365 IT Consultant Office Budget Information Technology Two-factor Authentication Gmail Government Managed IT Cybercrime Bring Your Own Device Maintenance Antivirus Printer Hard Drives Access Control Networking VPN Windows 7 Blockchain Content Filtering Wi-Fi Information Going Green Windows 8 Healthcare Outlook Recovery Employer-Employee Relationship Retail Wireless Technology Document Management Hiring/Firing Virus Tech Support Search Cost Management Saving Time Remote Work Computers Lithium-ion Battery Best Practice Risk Management IBM Storage Augmented Reality Project Management Money Humor Vendor Hacking Conferencing Avoiding Downtime It Management Data Security iPhone Travel Phone System Patch Management Education Computing Data Loss Customer Service Update Wireless Remote Customer Relationship Management Data Breach Law Enforcement Website PowerPoint Solid State Drive Save Time Compliance Router Downtime Data storage Flexibility File Sharing Applications Administration Hard Drive Password Laptop Value Proactive IT Mobility Computer Repair Running Cable Hacker Legal Regulations Meetings Twitter Intranet Current Events SaaS Voice over Internet Protocol End of Support Machine Learning Vulnerabilities Robot Net Neutrality DDoS Securty Telephone Systems Business Intelligence Fax Server Chrome Digital Payment Employee/Employer Relationship Digital Websites Cooperation Black Market Word Comparison Tablet Cryptocurrency Software as a Service Cortana Google Maps Company Culture Business Growth Social Engineering Social Networking Monitoring Employees Paperless Office Private Cloud Sports User Management Disaster Virtual Desktop Excel Telephony Scam Hosted Solution Social Managed Services Provider Microchip Taxes Redundancy Documents Distributed Denial of Service Entertainment IT service Teamwork Heating/Cooling Display Smart Devices How To Lifestyle Evernote Managed Services Virtual Assistant Gaming Console Public Cloud Licensing Video Conferencing Bluetooth Managed IT Service Webcam Start Menu Tech Terms Text Messaging Identity Theft Computer Accessories Notifications Distribution eWaste Mobile Technology Trending Memory Google Docs Processor Mouse Politics Uninterrupted Power Supply Experience Virtual Reality Monitors Emails Cost Vulnerability Cleaning Automobile Chromebook Statistics Bitcoin Processors Solutions Programming Office Tips Inbound Marketing Professional Services eCommerce Data Protection Network Congestion USB Computing Infrastructure Hack YouTube Presentation How To Download Unified Communications Settings Pain Points Integration Downloads Time Management Specifications Safety Holidays Co-managed IT Streaming Media User Error Multi-factor Authentication Telephone Term Equifax Fleet Tracking Tip of the week Virtual Private Network Permissions Language Upselling Electronic Medical Records Transportation Worker Network Management Google Calendar Read Digital Signature Device security MSP Touchscreen News Development Recording Optimization Reading Samsung VoIP FinTech Directions Video Surveillance switches Writing Saving ZTime SSID Employer Employee Relationship Nanotechnology Social Network Knowledge Data Storage Music Dark Web Free Resource G Suite Desktop Finance Device Management Consultation Processing Hacks Physical Security Startup Asset Tracking Business Managemenet Procurement PDF Health IT Business Cards Service Level Agreement Content Management Technology Tips Reviews Upgrades Banking Best Practives Botnet Username Fake News LiFi Harddrive Logistics Virtual Machines Relocation Unified Threat Management Tablets Backup and Disaster Recovery Audit Organization Best Available Keyboard Debate Wasting Time online Currency Data Warehousing Communitications Domains Cyber security Screen Reader Customer Resource management PCI DSS GPS Bookmark Sync Gamification Public Speaking External Harddrive Google Play Telephone Service CCTV Smart Tech Emergency Hard Drive Disposal Supply Chain Management Work/Life Balance Employer/Employee Relationships Piracy Microserver Upload Access Shopping Deep Learning Business Metrics Computer Malfunction HTML LinkedIn Microsoft Excel Internet Service Provider Visible Light Communication Microsoft 365 Reliable Computing Fiber-Optic Database Computer Care AI Shortcut Managing Costs Google Drive Windows Server 2008 IT Assessment IT consulting Troubleshooting Thin CLient Medical IT Trend Micro Telephone System Regulations Compliance Entrepreneur 3D Browsers Ebay Get More Done In Internet of Things Mobile Security HIPAA Smart Phones Security Cameras Threats Printer Server Multi-Factor Security Skype Remote Working Environment User Tip Proactive Maintenance Software License Turn Key Trends Spyware Archive Mobile Payment Gig Economy Trojan Motion Sickness Devices Advertising Electronic Payment Flash Scalability Fraud Tactics Electricity Printing Supply Chains CIO Competition Navigation Virtual Machine Electronic Health Records Windows XP Business Owner Leadership Messenger Organize Tracking Point of Contact Financial Data Staffing Google Wallet Adminstration Data Analysis Pirating Information UTM Content Displays IP Address GDPR Managing Risk Rental Service Legislation Error Society Printers SQL Server IT Plan Enterprise Resource Planning cache Television Memes Smartwatch Hypervisor Web Server Accountants A.I. Managing IT Services Human Resources email scam Cabling Addiction WannaCry 2FA Micrsooft Application Tech Recycling Freedom of Information Surveillance Books Workers Corporate Profile Analytic Telework Drones Fileless Malware Hybrid Cloud Administrator Modem Strategy Webinar Supercomputer Wireless Headphones Product Reviews Remote Workers Proxy Server Azure Migration Connected Devices Assessment SharePoint IT CrashOverride Capital Personal Information Productuvuty 3D Printing Financial Managing Stress Regulation CES