Skip links

The Solarwinds Hacking Incident & Tips for cybersecurity

What is the Solarwinds hacking incident?

A Solarwinds hacking incident allegedly committed by a Russian hacking group called Cozy Bear, aimed at American government organizations as well as private enterprises all over the world. This was identified by Microsoft which is one of the victims in this incident.

In a long campaign that is considered to have begun from March 2020, a hacker group that is presumed to be connected to the Russian government gained access to multiple US government departments’ computer systems including the US Treasury and Commerce.

The attack led to the hackers messing with the infrastructure of SolarWinds, a company that specializes in the production of network and application monitoring platforms called Orion, and also producing and distributing trojanized updates to users of the software.

SolarWinds announced on a page on its website that has been scrubbed after news broke out, that it’s clients comprised of 425 of the US Fortune 500, the top five US accounting firms, the top ten US telecom operators, the Pentagon, all branches of the US Military, the State Department, together with several universities and colleges globally.

The SolarWinds attack also enabled the hackers to gain access to FireEye, a network of US cybersecurity firms. Although the name of the group of hackers responsible was not named by FireEye, the Washington Post deduced it to be Cozy Bear or APT29, Russia’s foreign intelligence service hacking arm, the SVR.

 

How did Solarwinds hacking happen?

On December 17th 2020, Microsoft revealed in a blog this hacking incident which concerns the IT industry, such as software firms, IT services companies and IT equipment providers. Hackers managed to access a system that SolarWinds uses to put together updates to its Orion product, the company explained in a Dec. 14 filing with the SEC. From there, they inserted malicious code into otherwise legitimate software update. This is known as a supply-chain attack.

A pie chart showing recent cyberattack victims by sector | Image source: Microsoft Blog

 

Which countries have been affected by Solarwinds hacking

On December 17th 2020, Brad Smith, Chief Legal Officer of Microsoft, stated that “While roughly 80% of these customers are located in the United States, this work so far has also identified victims in seven additional countries. This includes Canada and Mexico in North America; Belgium, Spain and the United Kingdom in Europe; and Israel and the UAE in the Middle East. It is certain that the number and location of victims will keep growing.”. The world map created by Microsoft shows that the cyberattack victims are found in Brazil, Australia, South Korea, India, Japan, and Mongolia.

A map showing countries where the group hacked | Image source: Microsoft Blog

Microsoft also clarified that there is no damage to customers since the malicious code could not reach a system directly related to the product. This cyberattack incident was informed by FireEye, a Cybersecurity company in the United States as well as a victim of the incident.

 

Tips to enhance your company’s cybersecurity

Today, a cyber-attack threat keeps increasing due to the increase of remote work. Hacker tries to pull important data from you through massive amount of methods. How can we reinforce our cybersecurity?

Listed below are 7 helpful tips for both employers and employees to help prevent cyber-attacks

  • Avoid pop-ups, unknown emails, and links
  • Use strong password protection and multifactor authentication
  • Connect to secure Wi-Fi
  • Use VPN if you are using a public Wi-Fi network
  • Report if you see something suspicious, so no one else falls to the scam and you can defend the whole organization
  • Invest in security systems
  • Embrace education and training

Cyber attacks can happen to any company, no matter the size or the type of industry you operate. However, there are tips you can adopt to enhance your company’s cybersecurity.

You must secure your company’s internet connections by encrypting information. Ensure you get your wifi network safeguarded and hidden to avoid getting your network name called the Service Set Identifier (SSID) getting broadcasted by investing in a portable hotspot.

Also, consider implementing a multifactorial authentication that requires more information other than a single password to have access to your computer networks.

Train your staff as regards keeping informed of current scams going around and also ensure they take courses related to cybersecurity.

Additionally, Deploy a trusted virtual private network (VPN) to enable your staff’s entry into corporate applications and assets without jeopardizing the security of your network.

Finally, a vital thing to note is to ensure your company’s IT team keeps operating systems and applications updated and patched.

 

Here are more articles on cybersecurity: