Posted on December 28, 2020,

The recent SolarWinds hack is being called “historic,” and is the most significant international espionage attack to date. The hack targeted both major private companies and federal agencies and is currently blamed on Russian perpetrators.

 

What do you need to know about the SolarWinds hack, and how to shield your business against cyberattacks? We’ll take a closer look at what we know so far so you can take steps to protect your business.

 

What is SolarWinds?

SolarWinds is a U.S.-based network performance and systems monitoring company. It makes IT products widely used by U.S. corporations and the federal government. SolarWinds’ Orion Platform software enables businesses to identify, diagnose, and solve critical networking and IT problems.

 

SolarWinds had reported that it provides services to over 425 companies in the U.S. Fortune 500. It has hundreds of thousands of customers who use their network monitoring services, including 18,000 vulnerable to Russia’s attack. 

 

What We Know So Far

“It is possible they are looking for information regarding our knowledge of COVID-19 vaccines — that’s been something that’s been thrown out. It’s anybody’s guess right now, but one thing is that it’s a widespread attack. It’s most likely larger than what we currently understand.”

    — Scott Spiro, SugarShot Co-Founder

 

Russia’s hack of SolarWinds has been traced back to March 2020. The hack was discovered when the perpetrators broke into cybersecurity firm FireEye, which first disclosed a breach on December 9. 

 

The attack employed extremely sophisticated hacking capabilities and used cyber tools that have not been seen on this scale before. The hackers infected a routine software update with malicious code, targeting a weakness in the software supply chain used by all U.S. government institutions and businesses. When approximately 18,000 of SolarWinds’ customers installed this update, the malware spread unchecked. The extent of the attack damage is still unknown.

 

Unlike phishing attempts, supply chain attacks compromise software at its source. Supply chain attacks are difficult to implement but disastrous in spreading malware under a trusted supplier’s guise.

 

Because of the skill level involved in this attack, federal investigators have surmised that agents connected with the Russian government are likely responsible. 

 

It may take many months to reveal the extent of the damage caused by this attack. The impact it’s already had indicates how poorly prepared the U.S. government (and U.S. companies) is to defend, respond to and prevent cyberattacks of this nature.

 

Who Is Impacted?

 

The U.S. Departments of Homeland Security, Commerce, Energy, State, the Treasury, and the National Institutes of Health were impacted in SolarWinds’ cyberattack. There is currently no evidence that the Internal Revenue Service (IRS) was involved or that taxpayer records were compromised.

 

Additionally, companies including Microsoft, Intel, AT&T, McDonald’s, Mastercard and Visa may have been affected. SolarWinds’ website is advising customers using Orion Platform software versions 2019.4 HF 5, 2020.2 (with no hotfix) and 2020.2 HF 1 to upgrade immediately to help ensure their environment’s security. If this applies to your company, visit SolarWinds’ Security Advisory page immediately.

 

Cybersecurity Protection Tips

It has been widely reported that SolarWinds’ security practices appear to have been lacking on several fronts, including using “solarwinds123” as the password for its update server. While not suspected of being tied to this attack, it’s a potent reminder to be vigilant about general security protocols.

 

Implementing and maintaining a cybersecurity strategy is the first step in securing your digital assets. Here’s a list of security practices that provide barriers between you and cybercriminals:

 

  • Perform a risk assessment: Conduct an IT security risk assessment to create a disaster recovery strategy that protects your critical assets from threats. 

  • Protect proprietary and customer data: Identify and safeguard data shared with third parties.

  • Detect intrusions through mobile devices: Identify all mobile devices that touch company data and those with access to them.

  • Evaluate BYOD policies: Address risks associated with employee-owned devices. 

  • Maintain a strong password policy: Set strict criteria for system passwords to prevent unwanted access.

  • Use multiple layers of protection: Consider multi-level security or Defense in Depth (DiD) measures.

  • Limit user access: Control user access to specific data required for job performance.

  • Impose email restrictions: Educate employees on phishing tactics and use encryption, antivirus software and spam filters to thwart hackers.

  • Secure your Wi-Fi: Use separate guest and corporate networks and limit network session lengths.

  • Backup your data: Schedule regular backups and keep backup data in the Cloud or other offsite storage facility.

  • Train employees on security protocols: Require adherence to security protocols and communicate policy changes as needed.

  • Update policies regularly: Ensure your security policies and cybersecurity training curriculum are relevant and updated frequently. 

 

For a deeper dive, read: The Ultimate Small Business Cybersecurity Checklist

 

Stay Up to Date on Cybersecurity With SugarShot

Enacting effective cybersecurity measures can feel daunting. With so much at stake, it can be overwhelming if you lack the personnel or expertise to put necessary cybersecurity measures in place to protect your business.

 

If you’ve never considered partnering with a managed IT services provider, now may be the time. SugarShot specializes in keeping your business up and running at optimal performance levels. Technology oversights can lead to costly downtime, but SugarShot anticipates technology problems and handles them before they impact your business. 

 

We’ll be keeping you updated on the status of the SolarWinds hack as information becomes available. Until then, watch this space for more cybersecurity and business technology news.

For more information on our services, contact us today!