You are here: Blog Josh Coppage Want to Strengthen Your Cybersecurity? Don’t Do These 6 Things

Voyage Tech Blogs

Voyage Technology has been serving the Beaver Dam area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Print

Huge Cybersecurity Breach Affecting Major U.S. Organizations is the Biggest One Yet

Voyage Technology Blog Alerts
0 Comments
Huge Cybersecurity Breach Affecting Major U.S. Organizations is the Biggest One Yet

Honestly, it shouldn’t be surprising that 2020 has come to an end with news of a massive cyberespionage attack—the biggest ever, as a matter of fact. Let’s dive into what we know, and what it signifies.

 How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds’ recommendation to prevent their other security products from shutting them down due to the malware signatures that these security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted of unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

It is going to be some time before it becomes clear how deeply this threat went, assuming it ever does. Regardless, we want you to remember that Voyage Technology is here to help protect your business from as many IT issues as possible so that you can be more productive. To find out more about what we offer, give us a call at 800.618.9844 today.

Tweet
Tags:
Security Network Security Vendor
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, 25 April 2025

Captcha Image

Sign Up For Our Newsletter!

Blog Categories

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Technology Tip of the Week Best Practices Business Computing Data Productivity Business Software Innovation Hackers Cloud User Tips Network Security Hardware Internet Efficiency IT Support Malware Google Privacy Email Workplace Tips Phishing Computer IT Services Hosted Solutions Users Collaboration Mobile Device Ransomware Workplace Strategy Quick Tips Small Business Microsoft Cybersecurity Passwords Data Backup Communication Smartphone Backup Saving Money Business Management Smartphones VoIP Android Mobile Devices Managed Service Upgrade communications Disaster Recovery Browser Data Recovery Managed IT Services Social Media Microsoft Office Windows Tech Term Network Remote Internet of Things Current Events Facebook Automation Artificial Intelligence Productivity Gadgets Covid-19 Cloud Computing Miscellaneous AI Server Remote Work Managed Service Provider Outsourced IT Information Holiday Spam Encryption Employee/Employer Relationship Windows 10 Compliance Office Business Continuity Government Training Data Management Business Technology Virtualization Bandwidth Blockchain Wi-Fi Windows 10 Two-factor Authentication Apps Data Security Mobile Office Managed Services Voice over Internet Protocol Chrome Budget Employer-Employee Relationship Apple Networking App Vendor BYOD Mobile Device Management Gmail Access Control Conferencing Office 365 WiFi IT Support Tip of the week How To Hacker BDR Avoiding Downtime Applications Marketing Computing Information Technology Health Analytics Office Tips Big Data Healthcare Augmented Reality Retail Storage Password Bring Your Own Device Managed IT Services Computers HIPAA Router Website Operating System Virtual Private Network Help Desk Risk Management Paperless Office Infrastructure The Internet of Things Remote Workers Telephone Social Document Management Cooperation Free Resource Project Management Windows 7 Scam Data loss Customer Service Microsoft 365 Solutions Going Green Patch Management Save Money Remote Monitoring Vulnerability End of Support Vendor Management Cybercrime Windows 11 Physical Security Monitoring Firewall 2FA Display Printer Excel Professional Services Saving Time Safety Virtual Desktop Virtual Machines LiFi Data storage Managed IT Service Outlook Machine Learning Downloads iPhone Money Licensing Humor Vulnerabilities Entertainment Maintenance Data Privacy Antivirus Customer Relationship Management Sports Mouse Images 101 Telephone System Multi-Factor Authentication Mobility Hacking Administration Cost Management Presentation Wireless Technology Employees Robot Integration Settings Printing User Tip Modem Wireless Content Filtering Mobile Security Processor IT Management Word VPN YouTube Meetings Holidays Cryptocurrency Data Storage Smart Technology Supply Chain Video Conferencing Computer Repair Managed Services Provider Distributed Denial of Service Workplace Google Wallet Gig Economy Screen Reader Monitors Service Level Agreement Internet Service Provider Undo Computing Infrastructure Teamwork Hiring/Firing Windows 8 Regulations Compliance Laptop Websites Identity Evernote Paperless Co-managed IT Drones Bookmark Smart Tech Memes Download Net Neutrality Electronic Medical Records Alerts SQL Server Technology Care SharePoint Financial Data Halloween History Business Communications Writing Break Fix Scams Lenovo Browsers Smartwatch Connectivity IT Application Upload Procurement Virtual Reality Azure Hybrid Work Hacks Server Management Social Network Telework IBM Scary Stories Private Cloud Cyber security Multi-Factor Security Tech Human Resources Fun Dark Web Cables Superfish CES Identity Theft IoT Communitications Deep Learning Trends Supply Chain Management Twitter Customer Resource management FinTech Error Regulations Google Calendar Term Google Apps Social Engineering Microsoft Excel IT Maintenance Data Analysis Education Star Wars IT Assessment Gamification Flexibility Competition Remote Computing Staff Value Business Intelligence Mobile Computing Organization Social Networking Legislation Shortcuts Search Ransmoware Fileless Malware Digital Security Cameras Tablet Smart Devices Best Practice Content Remote Working Alert Wearable Technology Memory Vendors Managed IT Health IT Buisness File Sharing Motherboard Data Breach User Dark Data Comparison Google Play Be Proactive Assessment Electronic Health Records How To Permissions Workforce Legal Directions Videos IT solutions Business Growth Notifications Wasting Time Threats Specifications Security Cameras Workplace Strategies IP Address Travel Trend Micro Internet Exlporer Software as a Service Cortana Fraud Meta Techology Microchip Google Maps Alt Codes Username Managing Costs Amazon Black Friday SSID Downtime Unified Threat Management eCommerce Recovery Database Surveillance Hard Drives Virtual Assistant Outsource IT Unified Threat Management Hosted Solution Typing Domains IT Technicians Virtual Machine Environment Media Cyber Monday Medical IT Proxy Server Reviews Cookies Network Congestion Tactics Development Refrigeration Knowledge Hotspot Transportation Small Businesses Google Drive User Error Public Speaking Mirgation Hypervisor Displays PowerPoint Shopping Lithium-ion battery Point of Sale Nanotechnology Optimization 5G Addiction Experience Language Employer/Employee Relationships Outsourcing Entrepreneur Google Docs Unified Communications Bitcoin Network Management Management PCI DSS Running Cable Tech Support Chatbots Navigation

Blog Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015