
How the SolarWinds attack changed U.S. cybersecurity forever


Last March, thousands of companies and U.S. government agencies were sent a routine software update. There was no reason to be suspicious of it, as such updates arrived regularly with SolarWinds Orion software.


What they couldn't see at the time was a Trojan horse planted by Russian military associates deep within the update, which opened up a backdoor to crucial American computer networks.

About nine months after that update, cybersecurity firm FireEye sounded the alarm. They had been hacked. Their crown jewels, what the company officially calls their "Red Team tools," had been stolen. FireEye suspected that anyone who had downloaded and installed the SolarWinds Orion update had been hacked too.


The U.S. Treasury Department, Department of Justice, State Department, Energy Department, and the agency that protects and transports the U.S. nuclear arsenal didn't see the Russians rummaging around in their computer networks for nine whole months. Businesses, including software titan Microsoft, also found their systems compromised by way of the update.


SolarWinds claims that its products are used by more than 300,000 customers around the globe, and that over 18,000 customers downloaded its compromised software update.


In March, the Biden administration levied sanctions against Russia, blaming the Russian Foreign Intelligence Service (SVR) for the SolarWinds hack. President Biden has also taken executive action to bolster U.S. cybersecurity and has spoken with Russian President Vladimir Putin about recent cyberattacks on the U.S., although Russia has denied any and all responsibility for the hack.


In an executive order this May, President Biden created strict new security standards that supply chain software companies like SolarWinds must meet to continue to do business with the federal government. The order also requires those companies to maintain a vulnerability disclosure program and make automated security checks public.


