
What Can Businesses Learn from the SolarWinds Hack

SolarWinds: The Largest Hack in History

Texas-based software services company SolarWinds was at the center of the largest hack of a Western government in recent history, possibly ever.

When the hack was discovered, its customers were advised to log out of its Orion platform, a program used to monitor company networks. The big problem is that many U.S. federal institutions and Fortune 500 companies also used the Orion platform to monitor their IT systems.

How Did It Start?

It all started when the cyber security company FireEye discovered that it had been hacked. FireEye works to protect and improve the cyber defenses of its clients, including many government agencies and organizations. It is mostly an offensive security organization, meaning its staff actively try to hack into client organizations to check whether their systems are secure.

In March of 2020, IT staff at over 18,000 companies and organizations using the SolarWinds platform were presented with a link to download the latest version of Orion. The IT staff and companies were unaware that this new version was embedded with malware capable of giving hackers access to any infected network.

SUNBURST is the name given to the malware the hackers implanted into the SolarWinds software.

SolarWinds said it traced hacker activity back to at least October 2019 and is investigating the attack further. The identity of the hackers is still unknown, but some experts say that the attack could have been the result of a phishing email. The President of Microsoft, Brad Smith, said in a statement that the attack was “remarkable for its scope, sophistication and impact.”

How did hackers infect a software update with malware?

Hackers gained access to the system SolarWinds uses to update Orion and inserted the malicious code into the software update for the program. This type of attack is known as a supply-chain attack.

What Is a Supply Chain Attack?

A supply chain attack is a cyber-attack that damages an organization by targeting weaker elements within its supply chain. Cybercriminals interfere with a supplier's processes by installing malicious software that gives them access to systems that are normally inaccessible to unauthorized users.

What makes supply-chain attacks so dangerous is that they hide the malware inside typically safe and trusted software. Instead of manipulating victims into opening a fraudulent email via a phishing campaign, all the attackers have to do is successfully implant their malware into a new update or program, and big companies and agencies will download it.

Cyber security firm FireEye conducted its own analysis of the breach and discovered a killswitch that would prevent SUNBURST from operating. The company worked with GoDaddy and Microsoft to figure out which companies might still be struggling with the SUNBURST infection.

Furthermore, the RedDrip team, part of a Chinese cyber security company, found in its investigation of the incident that there were nearly a hundred suspected victims of the SolarWinds breach, including universities, governments and private companies.

Why Does This Matter?

Regardless of who was responsible for the hack, the consequences of the attack are dire, not only for the government agencies impacted by the malware but also for the businesses that may have had their data exposed.

The worst part of a cyber-attack, especially one this big, is that the victims might not know the full impact of the breach until months or maybe even years later. Again, FireEye is a cyber security company that uses complex tools to safeguard the security of its clients. Therefore, if hackers compromised the company and have access to its tools, they also have access to the data of the various organizations FireEye has worked with.

You might be asking yourself, “Why should I care about this SolarWinds stuff? It won’t affect me.” But when it comes to IT and cyber security, the story is much more complicated than that. If you’re a business owner or even a regular customer, you might not have encountered SolarWinds directly. However, the companies you work or interact with might have SolarWinds software as a part of their digital infrastructure.

In other words, any company that you engage with that might be using Orion or any SolarWinds software has had its sensitive customer data exposed. So we don’t really know how deep this goes or who it could impact in the future.

The Importance of Having a Reliable MSP

SolarWinds, like a Managed Services Provider (MSP), provides technology services to its clients and customers. In fact, SolarWinds offers many of its technology solutions to MSPs. MSPs like Nerds Support offer technology services to a variety of businesses across many industries. So if a business contracts an MSP that uses SolarWinds software, that MSP’s data is compromised. If the MSP’s data is compromised, then the business is compromised. In essence, there is a chain of exposed information that leads from SolarWinds all the way down to the businesses that might not even be aware they have been breached.

For that reason, MSPs are frequently targeted by hackers and cybercriminals. As more businesses rely on MSPs to manage IT infrastructure and provide digital resources, cybercriminals target MSPs to gain access to valuable business information.

In a June 2020 report, the United States Secret Service issued an alert confirming that MSPs were experiencing more frequent cyber-attacks. That doesn’t mean that MSPs are unreliable; rather, it’s important for business owners and leaders to really do the research and look for an MSP with the proper security protocols and channels in place to keep customer data secure.

Nerds Support, for example, is an IT services company working with accounting and financial services firms from all across the US. Because financial services companies have so much sensitive client data, we’ve taken the added step of complying with SOC and FINRA guidelines to ensure the security and safety of their information. By following compliance guidelines we’re going further than other MSPs because we understand that security is everything.

Regardless of the industry you’re in, look for an MSP that follows regulatory guidelines, uses advanced cyber security tools, and has the proper checks in place to secure your data.