Details are still emerging about the full scope and scale of the cyber-attack that targeted software vendor SolarWinds and compromised the systems of several of the largest U.S. public companies and government agencies. Even so, the lessons it imparts about where vulnerabilities still lurk in the third-party vendor supply chain cannot be grasped soon enough.

Word of the cyber-attack—suspected to have been perpetrated by Russian hackers—came on Dec. 8, when cyber-security firm FireEye disclosed it had been hacked by “a highly sophisticated state-sponsored attacker.” The hackers “operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past,” FireEye said.

Jaclyn Jaeger is a freelance contributor to Compliance Week after working for the company for 15 years. She writes on a wide variety of topics, including ethics and compliance, risk management, legal,...