The Importance of the SolarWinds and FireEye Breaches

Published on April 20, 2021  |  Cyberfort Advisors

Cybersecurity compromise isn’t a possibility, it’s an inevitability. No person or business can move through this digital world without encountering some form of breach or data theft. And when big breaches happen to publicly well-known companies, it’s good to analyze the situation and, hopefully, learn from it.

So let’s talk about the importance of the SolarWinds and FireEye breaches that took place in December of 2020.

What Happened?

There are tons of reports, like this one, that offer a play-by-play of both the SolarWinds and FireEye attacks. But since you’re here, we’ll give you a quick synopsis.

On December 8, 2020, after some warnings from the NSA, FireEye had its network infiltrated and Red Team hacking tools stolen by a “Russian state-sponsored actor”. In response, FireEye sent detailed information about the hacks to client organizations that could be potentially affected.

Five days later, FireEye released a report about SUNBURST – the attack on SolarWinds – which included details about bad actors gaining access to thousands of organizations through SolarWinds’ Orion IT monitoring and management software.

Those organizations that were affected include government, consulting, technology, and telecom businesses on three different continents.

The actors responsible for the SolarWinds hack went undetected for almost 9 months, giving them nearly unfettered access to critical tools, technologies, and information and leaving 6% of SolarWinds’ users at risk for most of 2020.

What Does This Mean for Cybersecurity?

With the SolarWinds and FireEye attacks, we now know that foreign nation-states are in possession of new and different hacking tools.

There is some good news: the FireEye hack required exceptional precision and effort on the part of the attackers, which suggests that FireEye had been doing the right things to protect its data and was quick to implement countermeasures once the breach was found.

Security organizations, like the two that were breached, have always been targets of prime interest to cybercriminals, so the breaches aren’t surprising from that aspect.

The SolarWinds case was instigated through a plug-in update. If you are a leader in the security sector, it’s important to take stock of which of your vendors are able to push updates into your environment. That doesn’t necessarily mean you have to change what you’re doing, but the biggest component of successful cybersecurity is thinking through the what-ifs, planning for these attacks, and having systems and protocols in place before such incidents occur.

Tech Crunch sums this up pretty well: “You need to expect that FireEye, SolarWinds, and every other vendor in your environment will eventually get compromised. When failures occur, you need to know: ‘Will the remainder of my plans be sufficient, and will my organization be resilient?’”

Key Takeaways from SolarWinds and FireEye Breaches

Whether or not it’s the best idea, purchasing a single security solution to cover your entire business, or multiple facets of it, means that a breach of that one system can have far-reaching negative effects on your work and your data.

When you are looking for security solutions, or even just evaluating your current system, it’s good to think about the what-ifs. With SolarWinds, there were months of compromise without any system “sounding the alarm” that anything was wrong. So when you are looking at security solutions, make sure to ask how that system will alert you or your security provider when a potentially nefarious event or piece of software is detected.

Segmentation and fail-safes are not things we want to focus on, but they should be. It’s important, especially after these two huge breaches, to think in terms of when and where a breach is most likely to occur in your system so you can start preparing and closing dangerous holes now.

Start Securing Your Assets Today

SolarWinds and FireEye are cautionary tales. Our experts at CyberFort Advisors are here to help your business secure its cyber assets, whether through file activity monitoring, user activity monitoring, security awareness training, or other potential trouble spots.

Contact us at 1 (866) 221-4004 or email [email protected] to learn more.