You are here: Home Blog ClearView IT Huge Cybersecurity Breach Affecting Major U.S. Organizations is the Biggest One Yet

ClearView IT Blog

ClearView IT has been serving the Phoenix area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Print

Huge Cybersecurity Breach Affecting Major U.S. Organizations is the Biggest One Yet

ClearView IT Blog Alerts
0 Comments
Huge Cybersecurity Breach Affecting Major U.S. Organizations is the Biggest One Yet

Honestly, it shouldn’t be surprising that 2020 has come to an end with news of a massive cyberespionage attack—the biggest ever, as a matter of fact. Let’s dive into what we know, and what it signifies.

 How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds’ recommendation to prevent their other security products from shutting them down due to the malware signatures that these security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted of unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

It is going to be some time before it becomes clear how deeply this threat went, assuming it ever does. Regardless, we want you to remember that ClearView IT is here to help protect your business from as many IT issues as possible so that you can be more productive. To find out more about what we offer, give us a call at 866-326-7214 today.

Tweet
Tags:
Security Network Security Vendor
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 05 May 2025
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Search the Blog

Blog Categories

Tag Cloud

Tip of the Week Security Technology Best Practices Business Computing Hackers Productivity Software Privacy Network Security Data Cloud Business User Tips IT Support Internet Hardware Innovation Email Hosted Solutions Malware Efficiency Workplace Tips Computer Google Microsoft Collaboration Android Business Management Cybersecurity Phishing IT Services Backup Data Backup Ransomware Smartphone communications Smartphones Microsoft Office Small Business Upgrade Network Mobile Devices Managed IT Services Communication Data Recovery Productivity Quick Tips Social Media VoIP Users Mobile Device Tech Term Automation Business Continuity Facebook Windows 10 Passwords Holiday Covid-19 Disaster Recovery Managed Service Apps Windows 10 IT Support Browser Miscellaneous Cloud Computing Outsourced IT Internet of Things Data Management Managed Service Provider Remote Work Government Saving Money Operating System Gadgets Artificial Intelligence Managed IT services Workplace Strategy Networking Windows Bandwidth Server Encryption Blockchain App Virtualization WiFi Spam Mobile Device Management Business Technology Information Remote Employee/Employer Relationship Information Technology History Gmail Office Budget Two-factor Authentication Office 365 Apple Cybercrime Access Control Data Security Health Big Data Analytics Wi-Fi BDR Conferencing Vendor Compliance Employer-Employee Relationship Document Management Voice over Internet Protocol Patch Management Save Money Help Desk Remote Monitoring Remote Computing Hacking IT Management Training Hacker Cost Management Applications Customer Service Unified Threat Management Search... Firewall Best Practice Legal Vulnerabilities Augmented Reality Word Data storage Retail IBM Alert Mobile Office Website Hiring/Firing Managed Services Project Management Outlook Data loss Password BYOD Computing Vendor Management Hard Drive Money Social Sports Running Cable VPN DDoS SaaS Law Enforcement End of Support Printer Update Storage iPhone Monitoring Cortana Education Healthcare Content Filtering Remote Workers Paperless Office Travel Antivirus Windows 7 Router Virtual Reality Social Engineering Free Resource Maintenance User Cryptocurrency Black Market Windows 11 The Internet of Things How To YouTube Cleaning Robot Websites Chrome Meetings Mobility Laptop Google Maps Scam Mobile Computing Data Breach Twitter Marketing Cooperation Customer Relationship Management How To Microchip Video Conferencing Tech Terms Co-Managed IT Flexibility Entertainment Managed IT Virtual Machines Computer Repair Disaster Digital Multi-factor Authentication Professional Services Hack Identity Theft Notifications Taxes Lithium-ion battery Unified Communications Saving Time Google Docs Bluetooth Managed Services Provider Bitcoin Processors HIPAA Distributed Denial of Service Computers Virtual Private Network Office Tips Physical Security Telephone Private Cloud Memory Current Events Excel Solutions Start Menu Computer Care Politics Downloads Machine Learning Settings Integration Vulnerability Wireless Technology Images 101 eWaste Display Software as a Service Solid State Drive Virtual Assistant PowerPoint Data Protection Downtime Administration Safety Employees Drones Avoiding Downtime Presentation Chromebook Specifications Automobile Holidays Virtual Desktop IT Consultant Experience Processor Employer Employee Relationship Username Relocation Displays Virtual Machine Television Advertising Telephony Tech Support Shortcuts Cabling Reviews Startup Work/Life Balance Optimization Freedom of Information email scam Teamwork Staffing Tablet Navigation 2FA G Suite Addiction Computer Accessories Tracking Data Storage Mobile Security Hypervisor Mouse VoIP IP Address Medical IT Be Proactive User Tip In Internet of Things Shopping Legislation News Hacks Network Congestion SQL Server Evernote Paperless Web Server Network Management Digital Payment Reliable Computing PCI DSS Writing Licensing SharePoint Workplace Strategies Worker Proxy Server Gig Economy Emails Humor Fake News Internet Service Provider Computing Infrastructure Azure Recovery Access Competition Business Communications Service Level Agreement Public Cloud Management Scalability Regulations Compliance Device security Managed IT Service Time Management Proactive IT Entrepreneur Administrator Wireless Headphones Text Messaging Memes LiFi Microsoft Excel Going Green Bring Your Own Device Net Neutrality Business Cards Audit Documents Troubleshooting Spyware Application Tech Human Resources File Sharing Business Intelligence Error Financial Data Music Redundancy Smart Technology Bookmark Risk Management IT Download Piracy Securty Cache Term Google Apps Domains Workers Telework HTML Unified Threat Management Microsoft 365 Browsers Botnet Smartwatch Nanotechnology Communitications Upload Rental Service Procurement Software License Micrsooft Printing Business Owner Google Play CCTV Touchscreen Social Network FinTech Flash Business Growth Emergency Supply Chain Data Analysis CES Computer Malfunction Screen Reader Telephone Systems IT Assessment Trends Supply Chain Management Mobile Technology Value Vendor Mangement Public Speaking Security Cameras Samsung Customer Resource management Organization Devices Cyber security Streaming Media Tip of the week Google Wallet Workplace Uninterrupted Power Supply Keyboard Fileless Malware Webcam Banking Smart Devices Gamification Messenger Remote Working Company Culture Deep Learning Inbound Marketing Business Mangement Hard Drives Tablets intranet Telephone System AI Regulations Trend Micro Hosted Solution Transportation Wireless Scams Shortcut Directions Digital Security Cameras Backup and Disaster Recovery Business Metrics Electronic Health Records Supercomputer Environment Content Books Desktop Wasting Time Google Calendar Heating/Cooling Virus Social Networking Electronic Medical Records Accountants Language eCommerce Windows XP Electronic Payment Society Modem Surveillance Cables Videos Motion Sickness Database Reading Monitors Managing Costs Comparison Visible Light Communication Google Drive SSID Phone System Health IT Equifax Windows 8 Development Hard Drive Disposal Employer/Employee Relationships Knowledge Point of Sale Corporate Profile Media Tactics

Blog Archive

Recent Comments

No comments yet.

Interested In A Free Consultation?

Click Here