FireEye and Solar Winds Data Breach: What Businesses Need to Know

    After the catastrophic data breach at the end of 2020 of FireEye and SolarWinds, companies from all over the world are rushing to make drastic improvements to their cybersecurity in order to avoid the same disastrous fate. 

    At the end of 2020, network management company SolarWinds was hit by a massive data breach, a nightmare scenario for any business, that has impacted over 18,000 businesses and organizations. 

    As the news broke, the strength of the cybersecurity of all US organizations was thrown into serious question. After the security firm FireEye fell victim to a massive malware attack, they uncovered malicious code that had been embedded into the software that is provided to their customers by the tech firm, SolarWinds. 

    A Hidden Cyber Attack

    SolarWinds disclosed the breach in December, revealing that the malicious code had infected a service that offers software updates for their Orion products. 33,000 SolarWinds customers use these products, including several Fortune 500 companies and US federal government departments. 

    On the same day as the breach was announced, FireEye released a detailed publication that covered the malware infrastructure that was used in the attack. This publication also suggested that SolarWinds had evidence of the potential of a breach from as long ago as March, and it implied that the breach was caused by SolarWind’s lack of prompt action. 

    Thanks to the confidential government information involved, this breach is likely to be devastating to SolarWinds. It’s likely that SolarWinds will face litigation processes and non-compliance consequences that could ruin them. 

    Effects of the Breach

    After the breach became public knowledge, Microsoft took control of a domain name used by the hackers to get information about which organizations had been impacted. The attack has left many companies in shock and very worried about the security of their infrastructures. 

    The effects of the breach reach further than the 18,000 customers directly involved. Several countries outside of the USA have also been impacted. Government espionage is not new, but according to Microsoft, the techniques used by the SolarWinds hackers have jeopardized the technology sector on a global scale. The methods used show that the attackers knew that Orion customers were a worthwhile target, but also which customers would be the targets of the highest value. 

    The full scale of this attack and its ramifications are still only beginning to come to light. It is not yet clear exactly how many organizations have been affected by this alarming hack. Many companies are asking hard questions about how effective their cybersecurity really is. For 2021, it will be even more critical for organizations across the world to look carefully at their security measures and cybersecurity services and make sure they are reliable. 

    The scale of this hack, whether your business was a customer of SolarWinds or not, should be a wake-up call to all businesses to take cybersecurity very seriously. Whether you decide to hire a professional company or handle your security yourself, it should be a priority, in order to protect your data, your customers, and your reputation.