How does the Solarwinds hack affect my internet experience?
The Russia-linked SolarWinds hack which targeted US government agencies and private corporations may be even worse than officials first realized, with some 250 federal agencies and business now believed affected, the New York Times reported.
First of all, not all customers of SolarWinds are vulnerable to this hack. Only users of the Orion software platform are affected, and only those who loaded the March update. SolarWinds has communicated that the number of customers that have this update is about 18,000. However, even if your organization has the affected software installed, it may not have been hacked yet; 18,000 is a lot of targets to hack even for a big nation-state group with lots of resources like Cozy Bear. Most likely, the hackers went after the high-value targets first, such as U.S. federal government agencies and large companies, and will work their way down the list. There is a chance that if your organization are not one of the high-value targets, it has not been compromised. Still, you need to assume it is and take all appropriate steps to limit exposure. Now that their attack is exposed, the hackers may be taking steps to hide their tracks or install back doors for them to return later, so every minute counts in a situation like this.
Companies who have acknowledged using the compromised software:
- Microsoft
- FireEye
- Cisco
- Intel
- Nvidia
- Deloitte
- VMware
- Linksys/Belkin
- Cox Communications