Voyage Tech Blogs

Voyage Technology has been serving the Beaver Dam area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Huge Cybersecurity Breach Affecting Major U.S. Organizations is the Biggest One Yet

Huge Cybersecurity Breach Affecting Major U.S. Organizations is the Biggest One Yet

Honestly, it shouldn’t be surprising that 2020 has come to an end with news of a massive cyberespionage attack—the biggest ever, as a matter of fact. Let’s dive into what we know, and what it signifies.

 How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds’ recommendation to prevent their other security products from shutting them down due to the malware signatures that these security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted of unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

It is going to be some time before it becomes clear how deeply this threat went, assuming it ever does. Regardless, we want you to remember that Voyage Technology is here to help protect your business from as many IT issues as possible so that you can be more productive. To find out more about what we offer, give us a call at 800.618.9844 today.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, 03 December 2024

Captcha Image

Sign Up For Our Newsletter!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Technology Tip of the Week Best Practices Business Computing Data Productivity Business Software Hackers Innovation Cloud Network Security Hardware Internet IT Support Efficiency User Tips Malware Privacy Phishing Email Workplace Tips Google Computer Collaboration IT Services Users Hosted Solutions Mobile Device Quick Tips Ransomware Cybersecurity Microsoft Small Business Workplace Strategy Data Backup Communication VoIP Saving Money Smartphone Android Business Management Smartphones communications Mobile Devices Passwords Data Recovery Backup Managed Service Managed IT Services Social Media Microsoft Office Upgrade Browser Disaster Recovery Tech Term Network Internet of Things Remote Facebook Automation Artificial Intelligence Cloud Computing Covid-19 Server Managed Service Provider Remote Work Miscellaneous Gadgets Windows Outsourced IT Current Events Information Productivity Encryption Employee/Employer Relationship Spam Holiday Windows 10 Business Continuity Office Compliance Government AI Data Management Blockchain Windows 10 Wi-Fi Training Virtualization Business Technology Bandwidth Mobile Office Data Security Two-factor Authentication Apps Managed Services Voice over Internet Protocol Budget Apple Networking App Mobile Device Management Gmail Vendor Employer-Employee Relationship Chrome Conferencing Hacker Avoiding Downtime How To BDR BYOD Computing Applications WiFi Information Technology Access Control Office 365 Tip of the week Retail Computers Storage Password Healthcare Bring Your Own Device Managed IT Services Website Marketing Operating System HIPAA Router Virtual Private Network Risk Management Big Data Health Help Desk Analytics Office Tips Augmented Reality Customer Service Remote Workers Telephone Scam Data loss Cooperation Free Resource Project Management Windows 7 Going Green Patch Management Save Money Microsoft 365 Remote Monitoring Firewall Vulnerability End of Support Vendor Management Solutions Cybercrime The Internet of Things Display Printer Windows 11 Social Paperless Office Infrastructure Monitoring 2FA IT Support Excel Document Management Managed IT Service Hacking Maintenance Presentation Antivirus Sports Downloads iPhone Mouse Licensing Wireless Technology Vulnerabilities Entertainment Administration Data Privacy Images 101 Word Telephone System Multi-Factor Authentication Robot Mobility Cost Management Settings Printing Wireless Content Filtering IT Management VPN Employees YouTube Meetings Safety Integration Cryptocurrency User Tip Modem Computer Repair Mobile Security Processor Virtual Desktop Holidays LiFi Data storage Data Storage Smart Technology Supply Chain Video Conferencing Outlook Machine Learning Managed Services Provider Customer Relationship Management Professional Services Money Saving Time Virtual Machines Humor Hacks Server Management Regulations Compliance Scary Stories Private Cloud Identity Evernote Paperless Fun Co-managed IT Superfish Bookmark Identity Theft Smart Tech Memes Deep Learning Download Net Neutrality Twitter Alerts SQL Server Technology Care User Financial Data Error History Business Communications Social Engineering Break Fix Scams Browsers Smartwatch Education Connectivity IT Upload Procurement Remote Computing Azure Hybrid Work Mobile Computing Social Network Telework Cyber security IP Address Multi-Factor Security Tech Human Resources Search Dark Web Cables CES Tablet IoT Communitications Best Practice Trends Supply Chain Management Alert Recovery Managed IT Customer Resource management FinTech Buisness File Sharing Regulations Dark Data Google Calendar Term Google Apps How To Microsoft Excel IT Maintenance Hard Drives Legal Data Analysis IT solutions Star Wars IT Assessment Business Growth Gamification Flexibility Notifications Staff Value Business Intelligence Domains Organization Travel Social Networking Legislation Shortcuts Cortana Ransmoware Refrigeration Techology Fileless Malware Digital Security Cameras Google Maps Smart Devices Alt Codes Content Remote Working Wearable Technology Memory Vendors Public Speaking Health IT Downtime Unified Threat Management Motherboard Data Breach Lithium-ion battery Comparison Google Play Be Proactive Hosted Solution Assessment Electronic Health Records Permissions Workforce Entrepreneur Unified Threat Management Directions Videos Typing Wasting Time Threats Network Congestion Specifications Security Cameras Workplace Strategies Trend Micro Internet Exlporer Software as a Service Knowledge Physical Security Fraud Meta Undo Google Drive User Error Microchip Username Managing Costs Amazon 5G Black Friday SSID Point of Sale eCommerce Unified Communications Database Surveillance Experience Virtual Assistant Outsource IT Google Docs Bitcoin Network Management Running Cable Tech Support IT Technicians Virtual Machine Environment Media Monitors Cyber Monday Medical IT Application Google Wallet Proxy Server Reviews Cookies Tactics Development Hotspot Transportation Small Businesses Windows 8 Laptop Websites Mirgation Hypervisor Displays IBM PowerPoint Drones Shopping Nanotechnology Optimization Addiction Electronic Medical Records Language Employer/Employee Relationships Outsourcing SharePoint Management PCI DSS Halloween Chatbots Navigation Writing Distributed Denial of Service Workplace Lenovo Gig Economy Screen Reader Service Level Agreement Internet Service Provider Virtual Reality Computing Infrastructure Teamwork Hiring/Firing Competition

Blog Archive