NOT BILLABLE

🌬️ So, what happened with the SolarWinds hack?

Raad Ahmed
Dec 23, 2020
Last week, we learned that IT management company SolarWinds was hacked, likely by Russia, affecting them and some well-known clients. Among the thousands of infected companies that used SolarWinds’s compromised network monitoring software are Nvidia, Belkin, Cisco and Intel.

SecurityScorecard, the leading rater of corporate cybersecurity safety and a customer of Lawtrades, analyzed the hack. They came out with several interesting discoveries, as well as some important lessons.  

How the hack happened

The perpetrators modified SolarWinds’s software package known as hotfix and posted the infected package on SolarWinds’s update site. SolarWinds’s clients then downloaded the updated, infected software.    

SecurityScorecard had some exclusive findings

  • SolarWinds was hacked as early as October 2019. This was five months earlier than originally reported.

  • SolarWinds was still delivering infected components as of Dec. 18.

A lesson to remember

SecurityScorecard emphasized supply chain safety: “Companies everywhere should continuously monitor the digital assets associated with their supply chains to identify vulnerabilities, attack vectors, and other exploitable conditions that can lead to incidents such as data breaches, ransomware, or other cyber attacks.”

We’ll add this, too: You always need to have airtight policies in place with your third-party vendors.

Read the full post on SecurityScorecard’s blog for more info. 
