As reported last week, a state-sponsored hacker may have breached multiple U.S. government networks through a widely-used software product offered by SolarWinds. The compromised product, known as Orion, helps organizations manage their networks, servers, and networked devices. The hacker concealed malware inside a software update that, when installed, allowed the hacker to perform reconnaissance, elevate user privileges, move laterally into other environments and compromise the organization’s data.
Businesses are on notice to pay more attention to computer security in order to protect business assets and private information, and to thwart infiltrations that threaten interconnected computers. And help is available from the United States Computer Emergency Readiness Team (“US-CERT”).
Department of Homeland Security (“DHS”) Secretary Michael Chertoff and Assistant Secretary of Cybersecurity Greg Garcia recently warned that an uptick in cyber attacks reveal a growing threat to critical U.S. infrastructure and private networks. Garcia warned that hackers “are making massive efforts to compromise computer systems on a global scale,” a reference to the fifty percent in crease in cyber-attacks between 2006 and 2007. Chertoff called upon businesses to help protect networks and infrastructure from infiltration and data theft. Secretary Chertoff remarked, “There’s no question this is the vulnerability of the 21st century.”