In late 2020, the technology world was shaken by a massive attack involving SolarWinds, the creator of a popular networking software with over three hundred thousand customers worldwide, including 412 of the companies that make up the Fortune 500. Initially, onlookers believed that the attack was directed at the massive software corporation and their high-profile clients because of malicious code found in SolarWinds networking software and a large initial degree of overlap between SolarWinds clientele and victims of the hack.
However, recent information has revealed that over a third of known victims had no connection to the software company whatsoever, implying that there were multiple, as-of yet unknown, vectors of attack. Even larger government bodies such as the National Telecommunications and Information Administration and the Treasury Department reported that the hackers had limited success in breaching secure data, such as internal government emails. The full scope of what data was compromised, as well as who launched the attack and how it was initialized, is still unknown.
These types of far-reaching cyberattacks can feel like the stuff of nightmares for everyone involved. Private citizens may have had sensitive data leaked to malicious third-party actors, the affected corporations lost money and consumer trust, and the full extent of the damage done to United States domestic security is still unknown. SolarWinds is still currently investigating the root cause of the attack, and allegedly is pointing to Microsoft’s cloud as the potential first attack vector. Federal law enforcement and Microsoft itself have not yet commented on this possibility.
At this point in early 2021, there’s still a lot we do not know about what was once called the SolarWinds attack. Everything from a list of affected entities to possible motivations for the hack are still unknown. In the meantime, all everyone else can do is maintain their cybersecurity standards and keep an eye on the news. If your company is looking for help designing a cybersecurity plan, reach out to us at firstname.lastname@example.org–we’re always happy to help.