What You Need to Know About the SolarWinds Hack -- Rhea Jethvani

Published by Rajvi Khanjan Shroff, April 20th, 2021

AUTHOR: Rhea Jethvani

The SolarWinds Hack causes increasing tension between the United States and Russia.

"Massive data breach." "Compromised information." "Not even big tech giants like Microsoft were spared." "FBI determines Russia’s involvement." We’ve all heard the breaking news headlines about the SolarWinds hack.

This larger-than-life computer attack was one of the most widespread breaches in 2020. The international conflict led to the SolarWinds Corporation stock plummeting and caused a stir in the entire Information Technology field (especially with companies in the Cybersecurity industry).

So, what exactly happened? Let’s look at the facts.

1. SolarWinds Inc. is a major Information Technology firm, headquartered in Austin, Texas, that assists its clients, ranging from Fortune 500 companies to the United States of America government, by developing computer software to manage business networks, systems, and infrastructure. Their primary software is Orion, used by over 33,000 customers to manage IT resources, according to Securities and Exchange Commission documents.
   
   
2. Earlier this year, foreign hackers secretly infiltrated SolarWinds systems and added malicious code into them. The hack was done so covertly, it went undetected for months. According to the Wall Street Journal, officials even claim that some clients may never know if they were hacked or not.
   
   
3. Similar to other technology companies, SolarWinds sends out firmware updates for their systems, inclusive of bug-fixing or new and improved features. Starting as early as March of 2020, SolarWinds began to send out software updates to over 18,000 of their customers that included the compromised code. This is called a supply-chain attack.
   
   
4. This code created backdoor systems, allowing the hackers to access private company information and even more company systems. Hackers continued to install malware on SolarWinds client’s IT systems inclusive of several United States agencies, such as parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the Treasury, and even the National Nuclear Security Administration. Private companies like Microsoft, Cisco, and Intel along with several hospitals were impacted.
   
   
5. Russia’s Foreign Intelligence Service, known as the SVR, has been publicly blamed for the attack in a joint statement from the United States Federal Bureau of Investigation, National Security Agency, Cybersecurity and Infrastructure Security Agency, and the Office of the Director of National Intelligence. This came after Former President Donald Trump floated rumors on Twitter that the hack may have been caused by China.
   
   
6. This breach is still "significant and ongoing." The extremely powerful malware provides broad reach into impacted systems, causing investigative officials to not be able to determine what information hackers might have stolen so far.

So, you may be thinking: "Well, what does that have to do with me? I didn’t lose millions of dollars in the stock market." Aside from infiltrating government systems and networks filled with citizens’ Personally Identifiable Information (PII), hackers were able to turn a simple unavoidable software update into a tool to take control of thousands of networks. Former Facebook cybersecurity chief Alex Stamos even shared that this particular hack could lead to supply-chain attacks becoming more prevalent in our society.

It could be years before the networks are secure again and Orion software updates are free of the stigma of the SolarWinds hack.

Primary Impacted Company in the Recent Supply-Chain Attack (Photo by SolarWinds Inc.)

---

References:

1. Hautala, L. (2021, January 5). SolarWinds hack officially blamed on Russia: What you need to know. CNet. https://www.cnet.com/news/solarwinds-hack-officially-blamed-on-russia-what-you-need-to-know/
2. Jibilian, I. (2020, December 24). Here's a simple explanation of how the massive SolarWinds hack happened and why it's such a big deal. Business Insider. https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12
3. (2020, December 14). Securities and Exchange Commission Official Current Report. https://www.sec.gov/ix?doc=/Archives/edgar/data/1739942/000162828020017451/swi-20201214.htm