Cybersecurity Awareness Month Newsletter

Verify and Report

Graphic encouraging users to verify communications.

This week, read about how the employees of FireEye and SolarWinds responded to a hack and where a timely verification would have changed the outcome.

The SolarWinds hack was first spotted by someone at FireEye, a cybersecurity company. A staff member noticed that an employee signed in using their username and password but a new phone number.

This suspicious behavior set off alarms. The staff member needed to verify if the employee had a new phone number. In this case, they did not.

Once this was confirmed and they realized that an attack was underway, people jumped into action.

  • SolarWinds is a software company. In this hack, network management software was compromised.
  • Many large organizations such as Microsoft, Intel and even the U.S. Department of Homeland Security were using SolarWinds. This meant their organizations were compromised too.
  • Sudhakar Ramakrishna, CEO of SolarWinds, immediately announced this issue to the world. He said, “The right thing to do is report.”
  • What is a supply chain hack? A supply chain hack is an attack on one part of a supply chain. This hack is efficient because it can get hackers into multiple organizations quickly.

For more information on the SolarWinds hack, check out the NPR Planet Money podcast “One Hack to Fool Them All” below.

Source: https://www.npr.org/2021/05/28/1001402799/one-hack-to-fool-them-all