U.S. companies are now scrambling to secure their systems after several federal agencies said that their networks were compromised following a cyberattack on a major software vendor.
The cyberattack on SolarWinds last week sent major companies such as Microsoft, Cisco, McDonald's, Visa, Mastercard, and Comcast on high alert this week. This was after federal agencies such as the U.S. Department of Commerce and the Department of Homeland Security said that their networks were breached.
A report from The Wall Street Journal said that the California Department of State Hospitals and Kent State University have become vulnerable. Other major comapnies that may also be compromised include Intel Corp., Nvidia Corp., Deloitte LLP, VMware, and Belkin International.
SolarWinds said in an investor filing this week that around 18,000 of its 300,000 customers running its software could be affected. The company said that some of the software that it had sold contained a vulnerability — one that was used by hackers to penetrate the Commerce Department's network.
SolarWinds provides its software to more than 425 companies on the Fortune 500 list. Some of the companies that are listed as customers on its website have announced that they are now conducting investigations into the matter.
Cisco said that it had already "identified and mitigated" the software that contained the vulnerability. The company said that only a small portion of its lab environments and employees were affected.
"At this time, there is no known impact to Cisco offers or products. We continue to investigate all aspects of this evolving situation with the highest priority," a Cisco spokesperson said in a statement.
Microsoft said that it was partly impacted by the hack. The company said that it was able to detect "malicious SolarWinds binaries" in its network and engineers have since isolated and removed them. Microsoft said that it has yet to find any indications that its systems were used to attack others.
Other companies that are currently using SolarWinds' software have all issued the same responses — they are still investigating the situation.
The managing director of the Cyber Readiness Institute, Kiersten Todt, said that all companies that are using SolarWinds software should be concerned. She said that the companies should already assume that their networks have been breached and take immediate action.
"Companies will need to do clean-up similar to a hurricane. It is going to be expensive and extensive - companies are going to have to identify what has been breached and what, if anything, remained stable," Todt said.