“Attackers were able to inject malware into the build process, which is difficult to detect,” Hickman told Toolbox. “This attack was highly sophisticated and the overarching theme here is not SolarWinds or FireEye. This is endemic of many organization’s broad inability to track certificates within the business, know how those certificates are used and how to manage them effectively when something might be wrong. This kind of breach can happen to anyone and highlights the importance of certificate lifecycle management and having the processes and technology in place for visibility and certificate management,” he said.