Russian Intelligence has been named as the suspected culprit behind the recent cyber attack targeting federal agencies. The attack resulted from Orion’s earlier compromise, a software developed by Solar Winds, a US-based company specializing in IT management software and remote monitoring services.

The ‘SolarWinds hack,’ first acknowledged by FireEye earlier this month on December 8th, has emerged as one of the biggest cyber-attacks against the federal government and private corporations alike in recent times.

SolarWinds has more than 300,000 customers and 18,000 clients using SolarWinds software worldwide, many of which have been impacted by the SolarWinds Hack. On December 14, SolarWinds announced advising their customers to upgrade the Orion platform and install the latest version plugging the exploit compromised to launch the attack.

How did agencies and companies get attacked?

The hackers managed to gain access to the system designated to push Orion software updates and injected malicious code into the updates compromising them; this type of attack is otherwise known as a Supply Chain attack.

Why is this SolarWinds Hack such a big deal, and what can we learn from it?

The hackers managed to turn the run-of-the-mill software updates into a dangerous weapon aimed at several federal government agencies and corporations comprising their systems and stealing sensitive data.

In this case, the hackers could compromise and forge a code signing certificate making it look like SolarWinds customers were downloaded legitimate software. Therefore it is essential to ensure you purchase a Code Signing Certificate from a legitimate certificate authority.

Once a certificate is obtained, the timestamp feature helps ensure the signed code remains valid even after the digital certificate expires.

What is a Code Signing Certificate?

Code Signing Certificates are used by software developers to digitally sign apps, drivers, and software programs as a way for end-users to verify the code. These Certificates ensure the code received by the users has not been changed or compromised by a third party as it includes your signature, your company’s name, and a timestamp (if desired).

DigiCert Code Signing Certificates further ensure that users won’t receive a warning message at installation or start-up and are ideal for ensuring third-party software installations are secure.

Acmetek offers Code Signing certificates from globally recognized Certificate Authorities (CAs) like DigiCert. Click here if you want to secure your cloud-based software or mobile phone application.

Acmetek Offerings:

• Easy-to-use certificate management platform that helps reduce the risk of outages with key features like notifications, easy management, and automation.
• Live support when you need it from experienced experts.
• The highest level of security and assurance for your business and customers.
• Control users and their actions with features like audit trail, approver workflows, Single Sign On (SSO), and Multi-Factor Authentication.
• Choose which validity period works best for your business and use case.
• Discover, monitor, and catalog all certificates on your network.
• Access robust security reports on demand, including server and certificate vulnerabilities.

We hope our blog helped you in understanding better about SSL Certificates and choose the right SSL/TLS certificate that fulfills your requirements.

To get 14-day free trial SSL Certificates, contact our specialist today.