As we previously reported, the software company SolarWinds was compromised when hackers launched a supply chain attack by installing malicious code into an updated version of its software that was pushed to almost 20,000 customers. The code created a backdoor into customers’ systems, which the hackers used to install more malware to spy on the organizations.
After a federal investigation, it was found that the Russian Foreign Intelligence Service, known as the SVR, was responsible for the attack, although Russia denies any involvement.
This was one of the largest breaches in recent history and is serving as a major wake-up call for cybersecurity efforts. As to how it happened, more details are unfolding, but here is what we know.
- Hackers used a supply chain attack, which targets a third party with access to other organizations’ systems rather than trying to hack those businesses directly.
- Government departments like Homeland Security and the Treasury Department were affected, in addition to large companies like Microsoft and Deloitte.
- Hackers used password guessing to breach targets. The attack may have started when an intern set a crucial password to “solarwinds123.” The password was set on a server back in 2017 and leaked online. It is unknown whether the weak password was the sole reason the attackers were able to gain access to the system, but it was a major security flaw.
- Further investigation discovered that the hackers used Amazon Web Services to disguise their hack as benign network traffic.
- Last month, the U.S. House of Representatives held a joint hearing on Friday on the cybersecurity incidents. SolarWinds, Microsoft, FireEye, and CrowdStrike executives have testified at the Senate hearing involving the attack.
As the hearings and further investigations continue, we will have more updates on the attack. As more companies discover their systems were compromised and more details are revealed, we will continue to post our updates here.
Ultimately, this attack has put a spotlight on the importance of a cybersecurity policy and response plan. If your organization is unsure whether its systems are secure from a cyber-attack, contact us today for a full review of your systems. Secure your business today.