Yesterday, we reported that the SolarWinds breach, which is still ongoing, was massive and extremely dangerous to the United States’ national security. The hackers got into key agencies, our critical infrastructure, and our nuclear weapons stockpile database. The hackers have had access since March and they can still download data.
Attackers inserted malicious code into SolarWinds’ software, which was then distributed to 18,000 of its 300,000 clients. Its customer base includes Fortune 500 firms and government agencies.
It’s an ongoing risk and not easily addressed.
There are reports that several government agencies raided SolarWinds. It’s also the FTP for Dominion Voting Systems.
Reuters is now reporting that SolarWinds was warned last year that its update server was accessible with the password “SolarWinds123.”
Experts are reviewing their notes to find old examples of substandard security at the company. Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password “solarwinds123.”
“This could have been done by any attacker, easily,” Kumar said.
Others – including Kyle Hanslovan, the cofounder of Maryland-based cybersecurity company Huntress – noticed that even days after SolarWinds realized its software had been compromised, the malicious updates were still available for download.
As Business Insider’s Aaron Holmes reported, the hackers could then spy on the companies and federal agencies for months, since about March. They had free access to victims’ files and private communications sent by the top brass of the US government. They stole data undetected, but don’t worry. Those dinky Dominion voting systems are the most secure ever — unhackable!
SolarWinds’ stock has tumbled, and the company is looking for a CEO.