By Chris Griesemer
I follow Kim Zetter (@KimZetter) on Twitter. She is a cybersecurity journalist and gave a good explanation of what is known so far with the SolarWinds hack.
To start with, SolarWinds provides IT infrastructure management software which helps manage and monitor the performance of an organization’s IT environments. According to their website, they provide IT Asset Management, IT Security Solutions, Compliance Solutions and Database Management, to name just a few.
Kim explained that SolarWinds software is used at some of the highest levels of government, including the White House and the National Security Agency. It is believed that hackers compromised SolarWinds by inserting malicious code into SolarWinds applications without the company knowing about it. Once infected, the software opened a backdoor into the system and allowed the hackers to begin stealing sensitive data on those networks.
Apparently, this happened back in March and the hackers’ activity was only recently discovered. It is believed that, for the past 9 to 10 months, the nation-state of Russia has been inside government systems stealing data and spying on government workers without anyone knowing about it.
SolarWinds has a very lengthy customer list. According to their website, they service more than 425 of the US Fortune 500 companies, all five of the top five US accounting firms, and hundreds of universities and colleges. In addition, SolarWinds’ website shows they provide services to Cisco, Fiserv and Symantec.
According to Kim, this was a national security hack focused on high-level targets or data. It is possible a citizen’s personal data could have been compromised, but right now, it is believed the targets were high-up government officials.
She also says there is still a lot that is unknown.
Right now, you should perform an inventory of all applications to see if SolarWinds or a customer of SolarWinds is providing services to your organization. Once you have identified those companies, contact them and find out what they are doing to identify any possible security breaches. Next, contact your IT department or, if you are using a 24/7 monitoring service, that service, and find out if they are aware of the SolarWinds hack and what they are doing to increase monitoring of their clients.
As more information is discovered, The Whitlock Co will continue to keep you updated. Please let us know if you have any questions.