Business Solutions & Software Group Blog

Business Solutions & Software Group Blog

Business Solutions & Software Group has been serving the Coral Springs area since 1997, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +

A Rundown on the Largest Hack in U.S. History

A Rundown on the Largest Hack in U.S. History

2020 has brought us a lot of news that we’d rather not hear. Just days before the end of what may be regarded as one of the worst years on record, there is more. One of the largest hacks in the history of the Internet happened earlier this year and more is being learned about it each day. Today, we will tell you what we know, who it affected, and what your business needs to do to secure itself. 

How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds’ recommendation to prevent their other security products from shutting them down due to the malware signatures that these security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted of unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

We may not know the complete set of ramifications of this attack for a while, but your business can take the steps it needs to secure your business network and infrastructure. Call the IT experts at Business Solutions & Software Group today at (954) 575-3992 to get a complete assessment and consultation on how to keep hackers and scammers off of your network.

 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Tuesday, 03 December 2024

Captcha Image

About Business Solutions & Software Group

Business Solutions & Software Group has been serving the South Florida area since 1997, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses. Our experience has allowed us to build and develop the infrastructure needed to keep our prices affordable and our clients up and running.

get a free quote

Recent News

Business Solutions & Software Group is proud to announce the launch of our new website at www.bssgcorp.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for ...

Contact Us

10211 W Sample Road Suite 114
Coral Springs, Florida 33065

Mon to Fri 9:00am to 6:00pm

help@itcloud360.com

(954) 575-3992