You are here: Blog Josh Coppage Is Your Team Truly Proficient in Your Business Technology?

Voyage Tech Blogs

Voyage Technology has been serving the Beaver Dam area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Print

Huge Cybersecurity Breach Affecting Major U.S. Organizations is the Biggest One Yet

Voyage Technology Blog Alerts
0 Comments
Huge Cybersecurity Breach Affecting Major U.S. Organizations is the Biggest One Yet

Honestly, it shouldn’t be surprising that 2020 has come to an end with news of a massive cyberespionage attack—the biggest ever, as a matter of fact. Let’s dive into what we know, and what it signifies.

 How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including:

  • The U.S. Department of State
  • The U.S. Department of the Treasury
  • The U.S. Department of Homeland Security
  • The U.S. Department of Energy
  • The U.S. National Telecommunications and Information Administration
  • The National Institutes of Health, of the U.S. Department of Health
  • The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds’ recommendation to prevent their other security products from shutting them down due to the malware signatures that these security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted of unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

It is going to be some time before it becomes clear how deeply this threat went, assuming it ever does. Regardless, we want you to remember that Voyage Technology is here to help protect your business from as many IT issues as possible so that you can be more productive. To find out more about what we offer, give us a call at 800.618.9844 today.

Tweet
Tags:
Security Network Security Vendor
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, 04 July 2025

Captcha Image

Sign Up For Our Newsletter!

Blog Categories

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Technology Tip of the Week Best Practices Business Computing Data Productivity Business Software Innovation Hackers Cloud Network Security User Tips Hardware Internet Efficiency IT Support Malware Privacy Google Email Computer Workplace Tips Phishing Hosted Solutions IT Services Collaboration Users Mobile Device Workplace Strategy Ransomware Small Business Quick Tips Cybersecurity Microsoft Communication Passwords Data Backup Saving Money Smartphone Backup Android Managed Service Business Management VoIP Smartphones Mobile Devices communications Upgrade Disaster Recovery Browser Data Recovery Social Media Microsoft Office Windows Managed IT Services Current Events Productivity Tech Term Network Remote Internet of Things Facebook AI Automation Artificial Intelligence Gadgets Cloud Computing Holiday Covid-19 Miscellaneous Server Remote Work Managed Service Provider Outsourced IT Information Compliance Encryption Spam Training Employee/Employer Relationship Office Windows 10 Business Continuity Government Data Management Virtualization Blockchain Wi-Fi Business Technology IT Support Windows 10 Bandwidth Data Security Apps Vendor Two-factor Authentication Mobile Office Managed Services Voice over Internet Protocol Apple Networking App Employer-Employee Relationship BYOD Mobile Device Management Chrome Gmail Budget WiFi How To BDR HIPAA Computing Hacker Applications Information Technology Avoiding Downtime Access Control Marketing Office 365 Tip of the week Conferencing Storage Password Bring Your Own Device Big Data Healthcare Managed IT Services Operating System Computers Router Risk Management Virtual Private Network Website Health Help Desk Analytics Office Tips Augmented Reality Retail Telephone The Internet of Things Scam Data loss Remote Workers Social Cooperation Free Resource Going Green Patch Management Save Money Project Management Windows 7 Remote Monitoring End of Support Vulnerability Customer Service Vendor Management Microsoft 365 Cybercrime Physical Security Solutions Display Printer Paperless Office Infrastructure Monitoring Windows 11 Firewall Document Management 2FA Excel Virtual Machines Safety Professional Services Maintenance Downloads Antivirus Sports Mouse Licensing Entertainment Administration iPhone Vulnerabilities Robot Data Privacy Telephone System Customer Relationship Management Cost Management Settings Images 101 Wireless Printing Mobility Content Filtering Multi-Factor Authentication Hacking IT Management YouTube Meetings Presentation VPN Cryptocurrency Modem Wireless Technology User Tip Processor Computer Repair Mobile Security Employees Integration Virtual Desktop Data storage LiFi Word Smart Technology Outlook Holidays Machine Learning Data Storage Money Saving Time Humor Supply Chain Video Conferencing Managed IT Service Managed Services Provider Workplace Deep Learning Download Twitter Alerts Gig Economy Internet Service Provider Teamwork Hiring/Firing Undo Error Evernote Paperless Education Connectivity Social Engineering Break Fix Regulations Compliance Browsers Memes Co-managed IT Upload Remote Computing Multi-Factor Security Net Neutrality SQL Server Technology Care Mobile Computing Social Network Business Communications Tablet IoT Search Dark Web Financial Data History IT Scams Application Best Practice Trends Alert Smartwatch Buisness File Sharing Regulations Dark Data Google Calendar Procurement Azure Hybrid Work Managed IT Customer Resource management IBM Legal Data Analysis Tech Human Resources IT solutions Star Wars How To Microsoft Excel Telework Cyber security Communitications Cables Business Growth Gamification Notifications Staff CES Travel Social Networking Legislation Supply Chain Management Techology Fileless Malware Term Google Apps Google Maps Cortana FinTech IT Assessment IT Maintenance Alt Codes Content Wearable Technology Downtime Unified Threat Management Motherboard Comparison Flexibility Value Business Intelligence Competition Health IT Unified Threat Management Directions Shortcuts Hosted Solution Assessment Permissions Organization Smart Devices Ransmoware Typing Digital Security Cameras Network Congestion Specifications Remote Working Memory Vendors Google Drive User Error Microchip Google Play Be Proactive User Internet Exlporer Knowledge Fraud Data Breach Electronic Health Records Workforce Username Videos Point of Sale 5G Black Friday Wasting Time Threats IP Address Google Docs Security Cameras Workplace Strategies Unified Communications Database Experience Trend Micro Software as a Service Meta Bitcoin Network Management Running Cable Tech Support IT Technicians Cookies Monitors Cyber Monday Managing Costs Amazon Google Wallet Proxy Server SSID Recovery Tactics Hotspot eCommerce Surveillance Virtual Assistant Outsource IT Hard Drives Windows 8 Laptop Websites Mirgation Nanotechnology Virtual Machine Environment Domains Drones Media SharePoint Medical IT Addiction Electronic Medical Records Language Reviews Development Transportation Small Businesses Refrigeration Management Halloween Chatbots Screen Reader Writing Distributed Denial of Service Hypervisor Displays Public Speaking Lenovo Optimization Lithium-ion battery PowerPoint Service Level Agreement Virtual Reality Computing Infrastructure Shopping Employer/Employee Relationships Outsourcing Hacks Server Management Entrepreneur Scary Stories Private Cloud Identity Navigation Identity Theft Smart Tech Fun PCI DSS Superfish Bookmark

Blog Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015