Well, in fact it worked very well… only in the wrong way. “The FireEye hack may have exposed the Nation’s greatest Cybersecurity breach of SolarWinds, but the skill used to undermine SolarWinds was shamefully elegant. In short, the hacker team successfully injected their “pirate code” into the base code of the software build itself. You guessed it, then every new version or updated version of the software would include the embedded vulnerability and subsequent backdoor. This may be a hard lesson to learn, but a lesson an entire industry must embrace.”
Jonathan Goetsch, CEO of Anamo Cybersecurity
For an overview of the breach and mitigation recommendation by the DHS, look for our follow up blog here.