Week 4 - Verify

Verify and report

This week, read about how the employees of FireEye and SolarWinds responded to a hack and where a timely verification would have changed the outcome.

Keep your software updated

Hackers target computer, systems, and mobile devices that are vulnerable. Protect your personal devices by making sure all software updates are applied when made available. While it can seem annoying to apply updates to your cell phone or laptop, this is the best way to protect your device and data. Hackers count on you not updating your devices. Protect yourself!

SolarWinds hack — Supply chain hack

The SolarWinds hack was first spotted by someone at FireEye, a cybersecurity company. A staff member noticed that an employee signed in using their username and password but a new phone number.

This suspicious behavior set off alarms. The staff member needed to verify if the employee had a new phone number. In this case, they did not. Once this was confirmed and they realized that an attack was underway, people jumped into action.

  • SolarWinds is a software company. In this hack, network management software was compromised.
  • Many large organizations such as Microsoft, Intel and even the U.S. Department of Homeland Security were using SolarWinds. This meant their organizations were compromised too.
  • Sudhakar Ramakrishna, CEO of SolarWinds, immediately announced this issue to the world. He said, “The right thing to do is report.”
  • What is a supply chain hack? A supply chain hack is an attack on one part of a supply chain. This hack is efficient because it can get hackers into multiple organizations quickly.

For more information on the SolarWinds hack, check out the NPR Planet Money podcast “One Hack to Fool Them All.”

Sources: