SolarWinds Hack Bad News for Retailers According to Chargeback Gurus
Share Article
Data breaches cost companies millions of dollars a year, with an average cost of $8.19M per breach per company. As security measures get stronger, hackers are getting smarter and attacking associated services from cloud service and managed service providers to get even more data and more victims. We believe that this will be equally as true in the wake of the recent SolarWinds hack. With the COVID-19 pandemic still going strong at the end of 2020, retailers in various industries are already feeling the pressure of increasing eCommerce transactions and friendly fraud incidents. With the breaking news of the SolarWinds security breach, these retailers are now facing a potential “second wave” of chargebacks.
Get Permission
The CEO of security firm Malwarebytes says the hackers who attacked SolarWinds also targeted his company and gained access to a limited subset of internal company emails. While Malwarebytes does not use SolarWinds [hacked software], we, like many other companies, were recently targeted by the same threat actor,” Malwarebytes CEO Marcin Kleczynski notes in a blog. The hackers appear to have exploited a dormant email protection tool within the company s Office 365 system to gain access to a subset of the firm s emails, he says.
Malwarebytes was notified about the intrusion on Dec. 15, 2020, by the Microsoft Security Response Center. This was about the same time Microsoft notified security firm CrowdStrike of similar suspicious activity. The attempted intrusion against Crowdstrike was ultimately unsuccessful (see:
Companies affected include Cisco, Intel, Nvidia, VMware, Deloitte, and Belkin International, in addition to California Department of State Hospitals and Kent State University, the WSJ found. Analysis revealed infected machines at 24 organizations that downloaded infected versions of SolarWinds Orion network management software, which had a backdoor installed in a routine update.
Cisco detected the malicious software on some employee systems and lab systems; so far, it says there is no effect on its products or services. Intel is investigating and has said there is no indication attackers accessed its network. Similarly, the other organizations affected confirm they detected the infected software but there is no indication attackers have exploited it.
17 December 2020, 9:42 pm EST By
The U.S. officials has revealed that Microsoft was included in the massive breach, but people familiar with the matter warned that it could just be the tip of the iceberg. The incidents affecting Microsoft and the software company SolarWinds Corp. may be just be a part of software supply chain attack that have been going on for months.
According to Reuters, the malware inflicted on Orion IT products are believed to have found their way into U.S. government agencies like the Defense and Energy Departments, including the National Nuclear Security Administration (NSSA) that manages the US nuclear weapons.
16 December 2020, 11:29 pm EST By
After confirming being hacked earlier in December, cybersecurity firm FireEye immediately investigated on how cyber criminals were able to break into the company s defenses. The researchers discovered vulnerability from SolarWinds Corp, one of its software providers, which allegedly compromised over 25 entities.
According to Newsweek, Mandiant senior vice president and chief technical officer Charles Carmakal said that they have investigated on 50,000 source code lines, which led to a backdoor within SolarWinds. Mandiant is incident response arm of FireEye. Carmakal said that as soon as they discovered the backdoor, FireEye immediately contacted SolarWinds and the law enforcement.
SolarWinds Breach: FireEye discovers more than 25 compromised firms