BNMC Blog

A Rundown on the Largest Hack in U.S. History

A Rundown on the Largest Hack in U.S. History

2020 has brought us a lot of news that we’d rather not hear. Just days before the end of what may be regarded as one of the worst years on record, there is more. One of the largest hacks in the history of the Internet happened earlier this year and more is being learned about it each day. Today, we will tell you what we know, who it affected, and what your business needs to do to secure itself. 

How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds’ recommendation to prevent their other security products from shutting them down due to the malware signatures that these security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted of unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

We may not know the complete set of ramifications of this attack for a while, but your business can take the steps it needs to secure your business network and infrastructure. Call the IT experts at BNMC today at 978-482-2020 to get a complete assessment and consultation on how to keep hackers and scammers off of your network.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, January 23 2021

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.bnmc.net/

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Best Practices Technology Productivity Business Computing User Tips Privacy Cloud Email Microsoft Network Security Software Hackers Efficiency Business Workplace Tips Hosted Solutions Data Hardware Computer Google Malware IT Services Communication IT Support Mobile Devices Small Business Android Mobile Device Smartphone Internet Cloud Computing Tech Term Phishing Ransomware Data Recovery Backup Managed IT Services Smartphones Innovation Users Windows VoIP Outsourced IT Saving Money Network Information Cybersecurity Miscellaneous Upgrade Microsoft Office Browser Passwords Data Backup Facebook Social Media Quick Tips communications Windows 10 Disaster Recovery Server Office 365 Business Continuity Business Management Managed Service Productivity Internet of Things Managed IT Services COVID-19 Data Management Apps Windows 10 Collaboration Word Vulnerability Gadgets Remote Monitoring Save Money Remote Work Analytics App Artificial Intelligence Gmail Encryption Remote Workers Money Chrome WiFi Managed Service Provider Router Mobile Office Government Infrastructure Conferencing BYOD Tip of the week IT Support Display Spam Settings Employer-Employee Relationship Networking Information Technology Google Drive VPN Access Control Paperless Office Applications Virtual Reality Website Company Culture Holiday Hacker Data storage Maintenance Firewall Big Data Avoiding Downtime Antivirus Development Document Management Operating System Wireless Robot HIPAA BDR Bandwidth Automation Content Filtering YouTube End of Support IT Management Data Security Business Technology Apple Risk Management Virtual Private Network Education Storage Office Tips Unified Threat Management Wi-Fi Computers Employee-Employer Relationship MSP The Internet of Things Augmented Reality Two-factor Authentication Managing Stress Retail Alert Managed IT Service OneNote Downtime Outlook Cybercrime Data Breach Customer Relationship Management Scam Computing Bring Your Own Device Windows 7 IT Marketing Vendor Management Solid State Drive Software as a Service Break Fix Social Social Network Monitors LiFi Search Humor Chromebook Identity Theft Hosted Solution Best Practice Training Administration Hard Disk Drive Vendor Mobile Security Mouse Server Management Going Green Compliance Business Intelligence iOS Remote Computing Touchscreen Managed IT Tablet SaaS Data loss How To Printing Regulations Password Telephone Systems desktop Managed Services Virtualization Laptop Device Reducing Cost Bluetooth Comparison user treats Cookies Dark Data Update Digital Mixed Reality Firefox Superfish Shadow IT K-12 Schools Meetings Disaster Deep Learning Files Social Networking Migration Consulting Address Permissions Mobile Device Management Memes Computing Infrastructure Professional Services LED Threats Chatbots eWaste Politics Laptops Patch Management Instant Messaging Star Wars PowerPoint User Error Management Uninterrupted Power Supply Mobility Batteries Specifications Alt Codes Shopping Nanotechnology Customer Service Spyware Gamification Wearable Technology Network upgrade Work/Life Balance Heating/Cooling Multi-Factor Security RMM Motherboard Cables Health Private Cloud Computer Care IBM Alerts USB Office Samsung File Sharing Co-Managed IT Policy Identity Continuity Tech Support Managed Services Provider Fraud Cost Management Onboarding GDPR Time Management Printer Budget Print Toner Myths Black Friday Typing Employees Screen Reader Charging Slack Hard Disk Drives Smart Office Huawei Servers Google Calendar Banking Wires Corporate Profile Messaging Emergency Current Events Holidays Licensing Dongle Social Engineering Content Procedure Solar Websites G Suite Entertainment Dark Web Distribution Assessment Twitter Automobile Halloween Digital Signage Data Warehouse Network Management Dell Shortcuts Mobile Management Cyber Monday Cryptocurrency Gig Economy Smart Tech Monitoring Solid State Drives Work Streaming Processor Legislation Google Docs Reviews Voice over Internet Protocol WannaCry Employee-Employer Relationships IT solutions Payment Card Cooperation Service Level Agreement Safety Cabling PCI DSS Hybrid Cloud Microsoft Excel Hacks Logistics Hotspot Internet Exlporer Google Maps Scary Stories Troubleshooting Business Analysis SharePoint IT Technicians Optimization Security Cameras Profiles Smart Technology Bitcoin FBI Connectivity Network Congestion Running Cable Spying National Security Techology Google Wallet Human Error Memory Statistics Business Growth Remote Modem FinTech Analysis Students Lenovo Inventory Staff Leominster Buisness Downloads Legal Battery Virtual Desktop Scalability Mail Merge Blockchain Asset Management Language Value Writing Sports Virus Mirgation Recycling Utility Computing Shortcut Distributed Denial of Service Windows 8 K-12 Education IoT Digital Payment Updates VoIP Unified Threat Management Unified Communications Drones Peripheral Tracking Computer Repair Relocation Cleaning Mobile Data CCTV Webcam Recovery How To Mobile Computing Financial Black Market Error Law Enforcement Point of Sale Ben McDonald shares Electronic Medical Records Notifications Travel Physical Security Upgrades Gadget Regulation Emoji Supercomputer CrashOverride Staffing Crowdsourcing Motion Sickness Personal Information Botnet Taxes Administrator 3D Printing Web Server what was your? Cortana IT Budget GPS Machine Learning IT Consultant Processors Printers Unsupported Software Cameras

What Our Clients Say

  • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
  • 1
  • 2
  • 3