Many cyber security frontrunners and government agencies are calling the SolarWinds breach one of the most sophisticated attacks they have ever witnessed. Its global reach, to organizations of all sizes, stresses the importance of an optimized, layered cyber security strategy.
In today’s post, I’m going to detail what happened in the SolarWinds breach, why it matters and how you can keep your SMB safe from cyber security attacks with the right solutions.
What happened with SolarWinds?
The SolarWinds attack compromised the Texas-based company’s monitoring platform, Orion. This piece of software is used to keep an eye on network and application security, and Russian cyber criminals took advantage of it using a “trojanized” update.
In other words, hackers hid their malicious code inside a seemingly harmless software update that, according to a report from the SolarWinds corporation, affected around 18,000 customers. Any customer that downloaded the infected patch update was potentially infiltrated in what is known as a supply chain attack.
The hackers created a backdoor with the Trojan Horse code implant, but that wasn’t all they did.
Poor Passwords Spell Certain Disaster
To make their way through the SolarWinds system, these criminals moved laterally using stolen user credentials. One security researcher told Reuters in a Dec. 15 article that “anyone could access SolarWinds’ update server by using the password ‘solarwinds123.’”
How did these cyber criminals avoid detection for nearly 9 months?
These Russian hackers opted to modify existing legitimate utilities—meaning they would add their malicious code, execute whatever tasks they needed, and then restore the utility to its original state.
This technique made it difficult, but not impossible, for them to be traced, allowing them to remain on the network without SolarWinds knowing about it for several months. In fact, many accounts say that they first accessed the network in March 2020—bringing up the important notion of hacker dwell time.
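Two defensive checks follow from the two points above: verifying a downloaded update against a hash the vendor publishes out-of-band before installing it (the trojanized update), and taking repeated integrity snapshots of system utilities so that a file which is modified and later restored still leaves a trace in the audit history. The block below is an added example written for this post; it is not SolarWinds or Orion code, and the update bytes, the "published" hash and the monitored file paths are constructed stand-ins.

```python
"""Added example: integrity checks a defender can run against (1) a trojanized
update and (2) 'modify, run, restore' tampering of system utilities.
Everything here is constructed sample data, not SolarWinds/Orion material."""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_update(update: bytes, expected_sha256: str) -> bool:
    """True only if the downloaded update matches the vendor-published hash.
    The expected value must be obtained out-of-band (vendor page, signed
    manifest), never from the same channel that delivered the update."""
    return hmac.compare_digest(sha256_hex(update), expected_sha256.lower())


def snapshot(files: dict) -> dict:
    """Map every monitored path -> sha256 of its current content."""
    return {path: sha256_hex(content) for path, content in files.items()}


def diff_snapshots(before: dict, after: dict) -> list:
    """Return (kind, path) events between two snapshots."""
    events = []
    for path in sorted(set(before) | set(after)):
        if path not in before:
            events.append(("added", path))
        elif path not in after:
            events.append(("removed", path))
        elif before[path] != after[path]:
            events.append(("modified", path))
    return events


def audit_history(snapshots: list) -> list:
    """Walk consecutive snapshots (snapshots[0] is the baseline).
    A file that changes and later returns to its baseline hash is reported
    as 'restored', so a short-lived tamper window is not silently forgotten
    just because the utility looks clean again at the next check."""
    baseline = snapshots[0]
    events = []
    for i in range(1, len(snapshots)):
        for kind, path in diff_snapshots(snapshots[i - 1], snapshots[i]):
            if kind == "modified" and snapshots[i].get(path) == baseline.get(path):
                kind = "restored"
            events.append((i, kind, path))
    return events


# Constructed sample data (hypothetical file names and contents).
GENUINE_UPDATE = b"monitoring-agent-update-1.0: legitimate bytes (constructed)"
PUBLISHED_SHA256 = sha256_hex(GENUINE_UPDATE)  # stands in for the vendor-published hash
TROJANIZED_UPDATE = GENUINE_UPDATE + b"\n# hidden implant (constructed)"

BASELINE_FILES = {"/usr/bin/netutil": b"original utility", "/usr/bin/sched": b"scheduler"}
TAMPERED_FILES = {"/usr/bin/netutil": b"original utility + implant", "/usr/bin/sched": b"scheduler"}


def demo() -> dict:
    """Run both checks over the constructed data and return the findings."""
    history = audit_history([
        snapshot(BASELINE_FILES),   # day 0 baseline
        snapshot(TAMPERED_FILES),   # check while the utility is modified
        snapshot(BASELINE_FILES),   # check after the attacker restored it
    ])
    return {
        "genuine_update_ok": verify_update(GENUINE_UPDATE, PUBLISHED_SHA256),
        "trojanized_update_ok": verify_update(TROJANIZED_UPDATE, PUBLISHED_SHA256),
        "utility_events": history,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The caveat a practitioner should take from `audit_history` is that snapshot-based integrity monitoring only sees tampering that overlaps a snapshot; if the attacker modifies and restores a utility between two checks, the history stays clean, which is why the interval matters and why the hashes should be shipped to a log store the attacker cannot edit.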
For more on the continuously developing SolarWinds breach, read LawFare’s detailed reflections.
What is dwell time?
Dwell time refers to the amount of time a hacker has access to your network and systems—and consequently any unsecured data on them—without you knowing about it. According to FireEye, one of the companies impacted by the SolarWinds breach, the average period of dwell time is 141 days.
Think about that for a moment. Imagine what a hacker could do—under the radar—with your data and information in 141 days.
Hackers could read through it, gain access to an array of confidential financial records—or worse, make alterations to that data—potentially all under the guise of legitimate action.
Why does the SolarWinds supply chain hack matter to small businesses?
The SolarWinds hack should matter to everyone, from small businesses to large corporations.
This hack proves that anyone is susceptible to a breach, and that everyone needs to be exercising constant vigilance in their cyber security protocols.
Why are cyber security experts more concerned about this hack than others?
The SolarWinds hack is significant for several reasons. While supply chain attacks aren’t new, the level of sophistication seen in these criminal methods is eye-opening, and it makes cyber security experts consider the ramifications of these tactics combined with other heavy hitters, such as ransomware.
CSO Online said, “From a ransomware perspective, if [the hackers] simultaneously hit all the organizations that had SolarWinds Orion installed, they could have encrypted a large percentage of the world’s infrastructure and made off with enough money that they wouldn’t have ever had to work again.”
How can your small or midsized business protect itself from growing cyber security threats?
To avoid falling victim to today’s cyber threats, every business, big and small, needs to practice due diligence when it comes to protecting its organization.
That means that everyone, from the top-down, needs to take cyber security seriously and become more knowledgeable as to what is happening. It can no longer be viewed as an afterthought, but rather an essential component of your business success.
While no business is immune from cyber threats, there are still steps to take to mitigate risk, including:
- Manage passwords appropriately. Use long, complex passphrases that are easy to remember but hard for others to guess. Better yet, use a password vault like LastPass.
- Utilize multifactor authentication. Make it a requirement on your frequently used applications and websites—or even to log onto employee devices. With many apps, it’s already a built-in feature, and you just need to enable it.
- Audit application and device usage. Always have an up-to-date awareness of what employees are using. Ensure that they are following acceptable use policies and proper reporting procedures to avoid any unknown vulnerabilities in your IT setup.
- Train your staff on what threats are out there. Make cyber security awareness training mandatory, comprehensive and ongoing.
- Have a solid understanding of your technology vendors’ vulnerabilities and cyber security practices. Be sure that they have robust, end-to-end IT security protections that will keep not only their systems secure, but also your data and business.
- Take advantage of advanced cyber security solutions, like artificial intelligence. As threats become more complex, your protections against them should, too.
- Intrusion detection and intrusion prevention systems can monitor for, alert you to, and in some cases block violations or intrusions.
- Security information and event management (SIEM) solutions take a holistic monitoring approach, piecing together logs from your disparate systems into a greater whole. By correlating events across these numerous smaller systems, a SIEM solution can detect threats that would go unnoticed on any individual system, and by looking at your entire setup it can offer added peace of mind.
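The SIEM point above is easiest to see with logs in hand: a VPN login from an unfamiliar location, an account logging on to several servers in quick succession, and a large outbound transfer are each unremarkable on their own system, but together, inside one time window for one user, they look like credential theft followed by lateral movement and data theft. The block below is an added example written for this post, not a product's or CoreTech's own correlation logic; the log format, the three sources (vpn, ad, proxy), the user names, the TEST-NET addresses and the thresholds are all constructed assumptions.

```python
"""Added example: a minimal SIEM-style correlation across three log sources.
Log lines, usernames, hosts, IPs (RFC 5737 TEST-NET) and thresholds are
constructed for illustration; the key=value format is an assumption."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs from three otherwise separate systems.
LOGS = """\
2020-12-14T08:02:11Z source=vpn user=jdoe event=login src_ip=203.0.113.5 geo=US
2020-12-14T08:05:40Z source=ad user=jdoe event=logon host=FS01
2020-12-14T08:41:03Z source=vpn user=asmith event=login src_ip=198.51.100.7 geo=ZZ
2020-12-14T08:43:19Z source=ad user=asmith event=logon host=FS01
2020-12-14T08:47:52Z source=ad user=asmith event=logon host=HR02
2020-12-14T08:51:30Z source=ad user=asmith event=logon host=DC01
2020-12-14T08:55:02Z source=proxy user=asmith event=connect dest=203.0.113.77:443 bytes_out=52428800
"""

# Locations each user normally connects from (would come from a history table).
KNOWN_GEO = {"jdoe": {"US"}, "asmith": {"US"}}


def parse_line(line: str) -> dict:
    """Parse 'timestamp key=value key=value ...' into a record."""
    ts, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def correlate(lines, known_geo, window=timedelta(minutes=60),
              host_threshold=3, egress_bytes=10 * 1024 * 1024,
              min_indicators=2) -> dict:
    """Group events per user, anchor a window on each VPN login, and raise
    an alert only when several independent indicators co-occur."""
    by_user = defaultdict(list)
    for line in lines:
        if line.strip():
            rec = parse_line(line)
            by_user[rec["user"]].append(rec)

    alerts = {}
    for user, recs in by_user.items():
        recs.sort(key=lambda r: r["ts"])
        indicators = set()
        for login in (r for r in recs if r["source"] == "vpn" and r["event"] == "login"):
            # Indicator 1: login from a location this user has not used before.
            if login.get("geo") not in known_geo.get(user, set()):
                indicators.add("new_geo")
            window_recs = [r for r in recs if login["ts"] <= r["ts"] <= login["ts"] + window]
            # Indicator 2: logons to many distinct hosts shortly after the login.
            hosts = {r["host"] for r in window_recs
                     if r["source"] == "ad" and r["event"] == "logon"}
            if len(hosts) >= host_threshold:
                indicators.add("lateral_movement")
            # Indicator 3: unusually large outbound transfer in the same window.
            egress = sum(int(r.get("bytes_out", 0)) for r in window_recs
                         if r["source"] == "proxy")
            if egress >= egress_bytes:
                indicators.add("large_egress")
        if len(indicators) >= min_indicators:
            alerts[user] = sorted(indicators)
    return alerts


def run_demo() -> dict:
    return correlate(LOGS.splitlines(), KNOWN_GEO)


if __name__ == "__main__":
    for user, indicators in run_demo().items():
        print(f"ALERT {user}: {', '.join(indicators)}")
```

The design choice worth noting is `min_indicators`: any single rule here would page an analyst for a traveling employee or an administrator doing routine maintenance, while requiring two or more independent signals from different sources is what keeps the correlation useful, and it is exactly the cross-system view that individual IDS or host logs cannot provide.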
Your best defense may be managed IT security—let CoreTech’s experts explain how in a free consultation.
A layered approach to IT security is the optimal solution, but it’s a lot more complicated. Not only do you need the hardware and software, but they need to be configured appropriately to provide the best protection and flexibility.
There’s a lot that goes into that configuration, and it takes several moving parts. The experts at a managed IT security provider like CoreTech can manage those numerous facets for you. They also have the resources to stay ahead of the latest cyber threats, and they have access to tools small and midsized business owners don’t.
To see the benefits of a managed IT security setup, contact CoreTech today. We’ll answer any questions you may have, and we’ll learn about your business to recommend a customized solution for you.