Last week, we learned IT management company SolarWinds was hacked, likely by Russia, affecting them and some well-known clients. Among the thousands of infected companies who used SolarWinds’s compromised network monitoring software are Nvidia, Belkin, Cisco and Intel. 

SecurityScorecard, the leading rater of corporate cybersecurity safety and a customer of Lawtrades, analyzed the hack. They came out with several interesting discoveries, as well as some important lessons.  

How the hack happened

The perpetrators modified SolarWinds’s software package known as hotfix and posted the infected package on SolarWinds’s update site. SolarWinds’s clients then downloaded the updated, infected software.    

SecurityScorecard had some exclusive findings

• SolarWinds was hacked as early as October 2019. This was five months earlier than originally reported.

• SolarWinds was still delivering infected components as of Dec. 18.

A lesson to remember

SecurityScorecard emphasized supply chain safety: “Companies everywhere should continuously monitor the digital assets associated with their supply chains to identify vulnerabilities, attack vectors, and other exploitable conditions that can lead to incidents such as data breaches, ransomware, or other cyber attacks.”

We’ll add this, too: You always need to have airtight policies set with your third party vendors.

Read the full post on SecurityScorecard’s blog for more info.