Over 18,000 Infected from SolarWinds Data Breach – What Happened?

This month, it was discovered that SolarWinds, a national IT software and infrastructure company, suffered a devastating data breach. By using a Trojan horse, cybercriminals were able to infect more than 18,000 companies. Although the plot was uncovered in December, the siphoning of invaluable company information had been happening since March – undetected.

Let’s take a closer look at what happened and what you need to know. 

Who is SolarWinds?

As mentioned above, SolarWinds is an IT management software and remote monitoring platform built for IT departments and IT providers. They’ve been in the industry for 20 years and have won several awards for their services over the years, including several 2020 TrustRadius top product awards.

Unfortunately, as we’ve discussed in previous blogs, no one is 100% impervious to cyber hackers who are constantly adapting their criminal tactics. If you’re not diligent with your protections, the smallest opportunity could lead to an attack. For example, while looking closely into the SolarWinds hack, cybersecurity company FireEye discovered a single line of code that put SolarWinds and their tool, Orion, at risk.

What Happened?

From the spring of 2020 on, SolarWinds’ enterprise platform, Orion, was quietly compromised by attackers. The Orion update servers were weaponized, affecting 18,000+ private and government organizations, including the Departments of State, Homeland Security, Energy, Treasury, Commerce, the Pentagon and the National Institutes of Health.

The SolarWinds breach was caused by what’s known as a supply chain attack. This means that cyber hackers got crafty and chose to target a popular IT platform instead of individual companies. Their creativity paid off, as they were able to silently steal information for over half the year.

Cyber hackers were able to access the SolarWinds system through one line of malicious code in a spring 2020 update for Orion. Then, they established their own at-will entrance into the systems, where they could roam about in SolarWinds’ platform undetected, gaining more and more access to vulnerable information. 

Experts say that, due to the size and longevity, this could go down as one of the largest, most damaging breaches in history. 

Should Switchfast Customers be Concerned?

Not to worry – Switchfast does not use the SolarWinds Orion monitoring platform. But, because of this attack’s record-breaking reach, we responded with an internal assessment just in case. With the information available to us, we can say that Switchfast has not identified intrusions such as those reported and has not been infected. 

To keep an eye on this breach, we’ll continue these assessments as new information becomes available. We’re currently working with our external IT security partners to monitor any intrusions from this breach or others in the future and questioning our vendors on the potential use of SolarWinds products. 

How Small Businesses Can Prepare 

If you haven’t assessed your small business’ cybersecurity measures in a few years, now’s the time to do so. Thanks to the boom in remote working, cyber-attacks have increased exponentially as digital criminals level up their skills. 

To lessen the likelihood of being a ransomware victim, make sure your company is following these best practices:

  • Keep your antivirus and anti-malware software updated
  • Consistently update your devices to avoid any missing patches or bug fixes
  • Remind your employees not to click on or download email attachments from unknown senders
  • Mandate that your employees choose strong passwords
  • Choose a password manager for your company
  • Make sure your internet connection is secure and keep your antivirus programs up to date

While following these tips is a great place to start, we strongly suggest investing in a managed services provider to ensure ultimate digital protection. 

With a managed services provider, you’re not only ensured round-the-clock monitoring and proactive cybersecurity measures; you’ll also have access to your MSP’s expertise and security competence, along with a knowledgeable, trustworthy partner to help keep your business safe.

However, one of the best preparations for an attack is end-user security training. So don’t rely exclusively on your vendors and partners to protect you. You and your human resources are part of the equation. 

If you have any additional questions on this breach or would like to learn more about Switchfast’s cybersecurity services, please feel free to email our VP of Client Services, tschmitt@switchfast.com.