You are here: Home Blog ClearView IT Huge Cybersecurity Breach Affecting Major U.S. Organizations is the Biggest One Yet

ClearView IT Blog

ClearView IT has been serving the Phoenix area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Print

Huge Cybersecurity Breach Affecting Major U.S. Organizations is the Biggest One Yet

ClearView IT Blog Alerts
0 Comments
Huge Cybersecurity Breach Affecting Major U.S. Organizations is the Biggest One Yet

Honestly, it shouldn’t be surprising that 2020 has come to an end with news of a massive cyberespionage attack—the biggest ever, as a matter of fact. Let’s dive into what we know, and what it signifies.

 How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds’ recommendation to prevent their other security products from shutting them down due to the malware signatures that these security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted of unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

It is going to be some time before it becomes clear how deeply this threat went, assuming it ever does. Regardless, we want you to remember that ClearView IT is here to help protect your business from as many IT issues as possible so that you can be more productive. To find out more about what we offer, give us a call at 866-326-7214 today.

Tweet
Tags:
Security Network Security Vendor
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, 05 July 2025
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Search the Blog

Blog Categories

Tag Cloud

Tip of the Week Security Technology Best Practices Business Computing Hackers Productivity Software Network Security Privacy Data Cloud Business User Tips IT Support Internet Hardware Innovation Malware Email Hosted Solutions Efficiency Workplace Tips Computer Google Microsoft Collaboration Android Business Management Cybersecurity Phishing IT Services Backup Data Backup Ransomware communications Smartphone Upgrade Smartphones Small Business Microsoft Office Mobile Devices Network Data Recovery Communication Managed IT Services Quick Tips Productivity Social Media VoIP Users Mobile Device Automation Tech Term Windows 10 Facebook Business Continuity Passwords Holiday Covid-19 Disaster Recovery Windows 10 IT Support Apps Browser Managed Service Cloud Computing Outsourced IT Miscellaneous Internet of Things Managed Service Provider Data Management Remote Work Government Saving Money Operating System Artificial Intelligence Managed IT services Networking Windows Gadgets Workplace Strategy Bandwidth WiFi Business Technology Encryption Blockchain Mobile Device Management App Virtualization Server Information Spam Remote Employee/Employer Relationship Budget Gmail Office Two-factor Authentication Apple Office 365 History Information Technology BDR Analytics Cybercrime Wi-Fi Big Data Conferencing Access Control Data Security Health Remote Monitoring Document Management Remote Computing Save Money Compliance IT Management Voice over Internet Protocol Training Help Desk Hacking Cost Management Employer-Employee Relationship Patch Management Vendor Hacker Project Management Vulnerabilities Customer Service Data storage Hiring/Firing Unified Threat Management Outlook Firewall Password Augmented Reality Word Mobile Office IBM Website Data loss BYOD Managed Services Computing Vendor Management Hard Drive Search... Best Practice Applications Retail Legal Alert Money Windows 11 User Social Sports Monitoring SaaS DDoS Healthcare Websites Travel Virtual Reality Meetings Mobility iPhone Social Engineering Education Cryptocurrency Chrome Cortana Black Market Remote Workers Content Filtering Google Maps Cleaning Scam Windows 7 Free Resource Robot Router Mobile Computing VPN How To The Internet of Things Marketing Update YouTube Running Cable Data Breach Twitter Laptop Storage Paperless Office Antivirus Law Enforcement End of Support Printer Maintenance Virtual Desktop Identity Theft Cooperation Experience HIPAA Hack Multi-factor Authentication Video Conferencing Notifications Unified Communications Start Menu Virtual Machines Computer Care Downloads Computer Repair Google Docs Saving Time Vulnerability Bluetooth Professional Services Disaster Distributed Denial of Service Software as a Service Office Tips Computers Private Cloud Bitcoin Memory Data Protection Lithium-ion battery Telephone Managed Services Provider PowerPoint Virtual Private Network Politics Administration Processors Machine Learning Excel Settings Presentation Specifications Current Events IT Consultant Solid State Drive Tech Terms Solutions Managed IT Digital Customer Relationship Management Virtual Assistant Images 101 Co-Managed IT Chromebook Integration Drones Entertainment Display Taxes Wireless Technology Automobile eWaste Processor Employees How To Microchip Avoiding Downtime Downtime Safety Flexibility Holidays Physical Security User Tip Legislation Reliable Computing News Virtual Machine Writing Optimization CCTV Evernote Network Management Reviews Printing 2FA Touchscreen Teamwork Computer Malfunction Proxy Server Supply Chain Emails Data Storage Scalability Fake News Emergency Hypervisor Text Messaging Vendor Mangement Medical IT Proactive IT Staffing Service Level Agreement Shopping Administrator Computing Infrastructure IP Address Paperless Device security Bring Your Own Device SQL Server Samsung Business Owner Management Webcam Workplace Wireless Headphones PCI DSS Microsoft Excel Licensing Uninterrupted Power Supply Humor Business Mangement Music Tech Going Green Gig Economy Business Cards Business Communications Internet Service Provider Azure Tablets Error Bookmark Scams Regulations Compliance Managed IT Service Memes Supercomputer Term Recovery Download Competition Botnet Piracy Google Calendar Human Resources HTML Net Neutrality Rental Service Virus Micrsooft Inbound Marketing LiFi Motion Sickness Browsers Cables Nanotechnology Entrepreneur Financial Data Flash IT Telephone Systems Google Drive Business Growth Google Play Documents Upload Application Risk Management Software License Comparison Social Network Google Apps Business Intelligence Electronic Payment Data Analysis Point of Sale Screen Reader Telework Knowledge Corporate Profile Mobile Technology Television Communitications Banking Telephony Microsoft 365 Google Wallet Employer Employee Relationship Security Cameras Securty Trends Smartwatch Customer Resource management Domains Shortcuts Devices Procurement Messenger Deep Learning Cabling Tablet G Suite Fileless Malware Phone System FinTech Tip of the week Company Culture Mouse IT Assessment Business Metrics VoIP Hosted Solution Tracking Gamification CES Telephone System Be Proactive Regulations Supply Chain Management Books Value Language Society Web Server Directions Backup and Disaster Recovery Organization Cyber security Desktop SharePoint Smart Devices Digital Payment Content Public Speaking Streaming Media Visible Light Communication Electronic Medical Records Workplace Strategies Computer Accessories Accountants Remote Working Reading Monitors Worker Trend Micro Access Windows 8 Database Keyboard AI Hard Drives Digital Security Cameras Electronic Health Records Time Management Transportation Public Cloud Advertising Health IT Equifax intranet Relocation Wasting Time Displays eCommerce Work/Life Balance Spyware Modem Tech Support Wireless Tactics Shortcut Hard Drive Disposal Audit Heating/Cooling Videos Environment Surveillance File Sharing Username Windows XP Smart Technology Startup Social Networking Freedom of Information Redundancy Managing Costs Cache SSID Navigation Addiction In Internet of Things email scam Media Mobile Security Development Hacks Unified Threat Management Employer/Employee Relationships Network Congestion Workers Troubleshooting

Blog Archive

Recent Comments

No comments yet.

Interested In A Free Consultation?

Click Here