Unencrypted | What is SolarWinds? Are updates still safe?

by John Nicholas

In December 2020, the cyber world was shaken with the announcement of the hack of SolarWinds. The Texas-based technology company provides one of the most widely used network monitoring software called “Orion.” Essentially, this software watches the network for problems ranging from hardware and software issues to network traffic flow concerns, to name a few. It is estimated that 33,000 companies use SolarWinds worldwide, including the United States government. SolarWinds is the gold standard for network monitoring software.

About a year ago, hackers broke into SolarWinds’s systems and added malicious code into the company’s software system. As a result, SolarWinds unwittingly sent out software updates to its customers that included the hacked code. The U.S. government and Microsoft were included in those who installed the hacked update. This left many, including myself, wondering: if a security based company can have their updates hacked, is anything safe?

Read more:

I have spent a lot of time researching what happened with the SolarWinds hack, how it happened and its potential impact on our day-to-day lives. Make no mistake: the SolarWinds hack is a big deal. But the effort that it took to accomplish this hack was huge. In fact, it was the biggest targeted hack to date. All of the evidence gathered by both federal investigators and cybersecurity experts say that Russia’s Foreign Intelligence Service, known as the SVR, is probably responsible for the attack.

After the attack, Microsoft dedicated 500 engineers to determine how the hack occurred. They determined the hack used more than 1,000 software engineers. The cost and effort to coordinate such an attack points toward a nation-state. The evidence found in the compromised code was similar to the code found in the Russian government’s Ukraine hack.

While this was the biggest attack to date and worrisome to say the least, it does not mean gloom and doom for the rest of us.

The SolarWinds attack put all software developers and our government on high alert. Further, it took a coordinated effort of over 1,000 highly trained software engineers to pull it off. It was a huge coordinated effort that will be hard to duplicate.

It is safe and necessary to update your devices each and every time an update is available. But there is a caveat to that rule: you must pay attention to the news about cybersecurity as much as you pay attention to the weather reports.

All software and technology companies are doing their part to keep their products safe from hackers. The hackers are continuously looking for weakness in all areas of technology to gain an advantage. Occasionally, the hackers will win a battle. When they do, the technology companies react as quickly as possible to counter the effects of the hack. This results in newer updates that you must install.

Our part in this global cyberwar is to do our part and keep current. Beware of quick fixes and boisterous claims in pop-up ads. There is no one solution nor is there a quick fix to some problems.

They key to your personal and corporate cybersecurity is diligence. Be suspicious of internet posts claiming hacks and/or solutions to cyber and technology concerns. When in doubt about the accuracy of an internet story, verify it through the Associated Press (AP), Reuters and other true journalistic resources.

I would like to hear your questions and concerns for future articles. You can reach me at jbnicholasphd@gmail.com.

Dr. John B. Nicholas is a Professor of Computer Information Systems and Co-Founder of the Cybersecurity Degree Track at The University of Akron. Dr. Nicholas has over 30 years experience in the technology field in both the private sector and in higher education.

You just read this article for free. The good news is that we’re committed to never putting our content behind a paywall. We want our readers to be able to continue reading for free because we believe everyone should have access to quality journalism. 

But here’s the catch: Our work is not free to produce. If you can afford to contribute by joining our co-op and becoming a member, we need your support for the news we offer to remain free and equitable. Plus, we think you’ll love being able to say, “I’m part-owner of a magazine.”

We want all Akronites, our neighboring suburbanites, and our beloved expats to have the opportunity to learn what’s happening here, and to read articles written by contributors whose love for Akron shines through their work. So here’s what we’re asking: Please join us for as little as $1/month in becoming a member. When you click the red button below, you help keep our content free for thousands of readers who might not otherwise be able to access our stories.