The SolarWinds cyberattack: What you should know

As we continue uncovering information about the recent SolarWinds attack involving the U.S. federal government and many large corporations, it’s clear this has the potential to be the most impactful data breach of all time. IT professionals across the country are working to understand the full extent of the breach, and it’s likely we will continue to see ramifications of recent events for years to come.

Breaking Down the SolarWinds Attacks

Earlier this month, FireEye, a premier cybersecurity firm, reported that it was a victim of a cyberattack. Among its IT- and cybersecurity-related services, FireEye performs red team exercises and penetration testing to identify network vulnerabilities. As a result of this breach, its red teaming tools were stolen and are now in the hands of bad actors.

Soon after the news of the FireEye breach, it came to light that at least two government agencies had been hacked, and it was discovered the breach was the result of a vulnerability in a tool created by SolarWinds, a network management firm with many government entities and Fortune 500 companies included in its list of customers.

As early as March 2020, hackers successfully compromised the SolarWinds Orion platform, an IT performance management system, and inserted malicious code in software updates that went undetected for months. In this supply chain attack, the hackers injected a backdoor in the SolarWinds code updates, and compromised versions of the software were then downloaded on 18,000 instances of Orion.

 
