The Internet is buzzing with information about the SolarWinds hack. Let’s break down the basics.
What is SolarWinds?
SolarWinds is a company that makes network management software. The software helps IT managers keep networks up-to-date by installing important security updates.
How did the breach happen?
Hackers got into the company’s server and installed malware. That malware put malicious code into security updates. That code allowed hackers to access the company servers. When people installed updates to make their networks safer, they were actually allowing access to hackers.
Who was affected?
Multiple government agencies and Fortune 500 companies. The Department of Homeland Security, Treasury Department, and Commerce Department are among the agencies affected by the breach. The Department of Homeland Security issued an emergency directive for government agencies to stop using the products affected by the breach. Belkin, Cisco, Intel and other top companies were also hit.
How did the hackers get in?
Last year, a security researcher told the company you could access their secure server with the password SolarWinds 123.
What we don’t know yet is whether the company actually set a ridiculously simple password for its server or whether hackers added that password to make it easy for them to get in.
Who’s behind the attack?
In a statement, SolarWinds said, “We have been advised that this incident was likely the result of a highly sophisticated, targeted, and manual supply chain attack by an outside nation-state, but we have not independently verified the identity of the attacker. Security and trust in our software is the foundation of our commitment to our customers. We strive to implement and maintain appropriate administrative, physical, and technical safeguards, security processes, procedures, and standards designed to protect our customers.”
Most experts are pointing the finger at Russia as the place where the attack originated.