BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

Has Your Organization Been Breached By Solar Winds Malware?

Has Your Organization Been Breached By Solarwinds Malware?

Although mainstream media coverage of the massive Solarwinds hack seems to indicate the danger is over, the sophisticated hackers may still be hiding in plain sight.

Microsoft recently uncovered at least three strands of malware deployed by the alleged Russian hackers. This new revelation raises alarms across industries that the Solarwinds attacks may not be over. The question business professionals need to be answered is whether their network has been breached and if cybercriminals are actively copying and selling digital assets on the dark web.

Has Your Organization Been Breached By Solar Winds Malware?

What Is The Solar Winds Hack?

Highly skilled cybercriminals reportedly penetrated a Solarwinds system known as “Orion.” These stealth hackers managed to insert malicious code into its software products that were inadvertently dispersed to the outfit’s 33,000 customers in the form of updates.

This code created secret backdoors that allow digital thieves and spies to infiltrate wide-reaching networks, including government agencies such as the Department of Homeland Security and Treasury Department, among others. The so-called Solarwinds attacks were not limited to government targets. Malicious code has been identified in private sector organizations, and the full breadth of the cyberattacks remains unknown.

So pervasive and potentially destructive is the Solarwinds attack that congress held hearings to get a handle on its business and national security implications. Under intense questioning by lawmakers, an official from the Solarwinds reportedly blamed the breach on an intern who ignored the corporation’s cybersecurity protocols. According to news reports, the intern used the weak password “solarwinds123” and posted it online. Cybersecurity experts attribute upwards of 95 percent of breaches to human error.

Who Has Been Impacted By The Solarwinds Attacks?

To say the attacks blindsided private businesses and government agencies would be something of an understatement. Government-vetted firms such as FireEye were compromised due to the sophisticated methods used to hide the malicious code in software updates. The widespread embarrassment from organizations previously considered among the most secure has led many to believe critical information continues to be withheld. Much of the information released about the devastating breaches fails to identify the organizations that have been breached.

On the one hand, working with Solarwinds as a vendor or customer does not necessarily mean that an organization suffered a breach. But by that same token, the supply chain nature of the cyber-attack suggests that outfits outside direct Orion software users could be infected right now. That’s largely because congressional hearings and investigative reports indicate the hackers possess heightened skills, appear well-funded, and demonstrate a determination to hide in networks as long as possible to pilfer off digital assets and valuable personal data. Solarwinds appears to be an ongoing cybersecurity nightmare that should worry industry leaders.

How To Know If You Suffer A Solarwinds Breach?

As Microsoft and others continue to ferret out malicious strands of code, cybersecurity responses are being developed. Industry leaders who are concerned their organization may have been compromised enjoy access to open-sourced CodeQL queries. These are being rolled out by Microsoft to investigate incidents of Solarwinds Orion Malware laying hidden in networks.

Microsoft offers concerned parties free access to its cybersecurity software that was crafted to hunt down this malware. Decision-makers would also be wise to take the following proactive measures to ensure the integrity of their digital assets.

  • Enforce Strong Password Policies
  • Use Multi-Factor Authentication For Employee Login
  • Backup Data To Cloud & Offline Resources
  • Monitor Third-Party Controls & Interactions
  • Develop A Company-Wide Cybersecurity Policy
  • Require Employees To Undergo Cybersecurity Awareness Training
  • Maintain Enterprise-Level Firewalls & Virtual Private Networks

The Solarwinds attack highlights how clever, well-financed hackers can infiltrate seemingly impenetrable defenses such as the Department of Homeland Security. That’s why it’s essential for organizations to harden their cybersecurity defenses and deter emerging threats. However, the average business with even sound cybersecurity protections in place was no match for these Russian hackers. If you are concerned your network has been compromised through the Solawinds supply chain or by other threat actors, contact a cybersecurity expert and have your system analyzed and penetration tested.

More Like This

Apple Notes Tips

Apple Notes Tips With the dawn of the new year, January is the perfect time to get your to-do list in order. But these days, most people’s lists are complicated agendas full of work and personal items, multiple schedules, and seemingly endless tasks. To keep things straight, one thing that can help is a savvy …

Apple Notes Tips Read More »

Read More

AA22-011A: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

Original release date: January 11, 2022 Summary Actions Critical Infrastructure Organizations Should Implement to Immediately Strengthen Their Cyber Posture. • Patch all systems. Prioritize patching known exploited vulnerabilities. • Implement multi-factor authentication. • Use antivirus software. • Develop internal contact lists and surge support. Note: this advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge …

AA22-011A: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure Read More »

Read More

11 Unexpected Ways to Manage Chromebook Files

11 Unexpected Ways to Manage Chromebook Files Chromebooks have been around for over a decade now, but at the beginning, they weren’t intended for file management, with the original Chromebooks not even having a Files app. Copying or moving data, finding files or wirelessly transferring and syncing files with other systems was virtually impossible. But …

11 Unexpected Ways to Manage Chromebook Files Read More »

Read More

AA21-356A: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

Original release date: December 22, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand National Cyber Security Centre (NZ NCSC), and the …

AA21-356A: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities Read More »

Read More

What Are Workers’ Rights in the Face of Employee Monitoring?

What Are Workers’ Rights in the Face of Employee Monitoring? As the use of technology in our everyday lives continues to increase, it’s no surprise that any legislation surrounding that technology is constantly lagging behind. After all, it’s usually impossible to know the potential dangers of technology until damage has been done. Fortunately, legislation usually …

What Are Workers’ Rights in the Face of Employee Monitoring? Read More »

Read More

Can Technology Reverse the Workforce – Depleting ‘Great Resignation’ of 2021?

Can Technology Reverse the Workforce – Depleting ‘Great Resignation’ of 2021? Although remote and other technology appears to be an underlying cause of the 2021 “Great Resignation,” it may also hold the key to a“Great Return.” Many believed the mass exodus from the workforce had peaked in April when a total of 24 million had …

Can Technology Reverse the Workforce – Depleting ‘Great Resignation’ of 2021? Read More »

Read More