In March of 2020, just as the COVID-19 pandemic was beginning to make its way around the globe, a group of hackers backed by a foreign government was able to penetrate a number of different areas of the United States federal government. These rogue actors were able to do so by taking advantage of vulnerabilities in software from three US-based companies: Microsoft, VMware and SolarWinds. To make matters worse, not only did the breach go undiscovered until December of 2020… but it may very well still be going on.
It’s already been called “among the worst cyber-espionage incidents ever” in the United States, and believe it or not its worse than you think. More than 200 different organizations around the globe have already been reported to have been impacted by the attack in some way, and that is one unfortunate trend that shows no signs of slowing down anytime soon.
Why the SolarWinds Hack Went From “Bad” to “Worse”
In case you’re just catching up, the actual SolarWinds attack (named for the company who distributes the software that allowed the attack to happen in the first place) occurred as follows.
SolarWinds, a software company based in Texas, sells a very popular utility that gives organizations more insight into what is happening on their computer networks. This software is called Orion. At some point during 2020, after breaching the SolarWinds network, hackers inserted malicious code into an update of Orion. Soon thereafter, more than 18,000 SolarWinds customers installed that rogue update, essentially giving those hackers unrestricted access to every last kilobyte of data contained on their systems.
All it takes is one look at the list of impacted organizations to see how big of a deal this really is. In addition to the Centers for Disease Control and Prevention and the United States Justice Department, the SolarWinds hack was known to affect most Fortune 500 companies, computer systems associated with the European Parliament, systems belonging to NATO and more.
But the factor that makes this close to a “worst case scenario” in terms of cyber security isn’t just the idea that the attack was able to go on undetected for several months. It’s that literally nobody knows the full extent of the damage and what incredibly sensitive information the hackers were able to compromise. Likewise, the attack itself is likely still going on – meaning that the damage is only going to get worse in the weeks and months ahead.
As of January 11, 2021, there is still no word yet on what a potential US response to the hack will be. One thing is for certain, however: this is a dire scenario that people need to be paying close, careful attention to for the foreseeable future.
If you’d like to find out more about the extent of the damage caused by the SolarWinds hack of 2020, or if you’d just like to discuss your own needs with someone in a bit more detail, please don’t delay – contact contact HI-TEX Solutions today.