The cyberattack on SolarWinds is one of the most significant hacker attacks on a large scale in decades. Many companies and public authorities could be affected.
At the end of 2020, hackers hacked into the servers of IT security solutions company FireEye, causing a significant stir. It emerged that the hackers had also used the stolen data to hack into other companies’ servers. In the case of SolarWinds, which also operates in the IT security field, they succeeded. A flaw in the Orion platform was exploited to hack into its computers, which is problematic because Orion is used by many private and public organizations worldwide to manage their security solutions. The scammers used a sophisticated method to trick several customers into installing a fake Orion update they had prepared – it is estimated that up to 18,000 customers could be affected, which is a large number.
Intel, Microsoft, VMware, NVIDIA, Belkin, and Cisco are involved. The US National Telecommunications and Information Administration (NTIA) is perhaps one of the largest users among the government agencies. However, the company’s customers are not limited to the US and include several agencies in Germany.
It is impossible to speculate how many of the 18,000 companies were attacked – those affected are saving what they can and not communicating the problem until they have to. It is suspected that Russian hackers carried out a series of attacks, but there is no evidence yet.
Did you know?
In the past year, many large-scale cyberattacks have taken place around the world. This has been a result of hackers discovering vulnerabilities in different software programs, and using these vulnerabilities to exploit weaknesses in an automated way to accomplish their nefarious plans.
Security breaches are occurring more frequently across industries. From home users to businesses, breaches are not only data-related but also the introduction of malware, ransomware, worms, and viruses can lead to catastrophic results. This is why it’s crucial that all companies take the time to understand the various risks their networks face and how they might be vulnerable to attack.