It’s considered one of the biggest, most wide-reaching hacks in American history — U.S. governmental agencies like the State, Treasury and Homeland Security Departments, private companies such as Microsoft and even the city network of Austin, Texas. All were the targets of a major security breach due to malware that infected the Orion software, a network tool from SolarWinds, reports Salon.
It is believed the malware reached as many as 18,000 SolarWinds customers.
The attack is so massive it has left security experts and laypeople alike stunned.
BBC News reports that many are saying the Russian government is behind the massive cyberattack.
“Increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history,” Republican Senator Marco Rubio of Florida tweeted on December 19. “The process of determining its extent & assessing the damage is underway.”
So, what are the ramifications? Wired explains that while the average person regularly installs updates to their devices and changes passwords — the typical cybersecurity best practices — the same isn’t always said when it comes to a major company’s IT protocols. These large organizations in fact are frequently significantly behind when it comes to patching their networks and putting in place safeguards against these kinds of attacks.
“The fear on this one is real,” David Kennedy, CEO of the threat-tracking firm Binary Defense Systems, who formerly worked at the NSA and with the Marine Corps’ Signals Intelligence unit, told Wired. “This type of attack could allow the adversary access to essentially anyone they wanted that had SolarWinds Orion and the bad patch. There is a large scramble right now to see which systems were compromised, and if there is a probability this could have happened, organizations need to investigate.”
What does this mean for you? Experts say it’s a little difficult to tell. We might be months away from fully knowing the entire scope of this breach. Day by day, increasingly more news trickles out about how large the hack was.
What it does do is underscore the importance of protecting your data. In the 21st century, your personal data is in many ways the most sought-after commodity.
For individuals, this means embracing two-factor authentication, constantly updating software and using unique passwords that only you would know. When it comes to companies, this latest news is a big wakeup call. Having all the network patches in order, a robust IT strategy and the ability to anticipate what kinds of future attacks might be on the horizon.