SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Cybersecurity spending to increase following SolarWinds hacking
Tue, 5th Jan 2021
FYI, this story is more than a year old

Cybersecurity spending is set to increase by 20% in 2021, following last year's hacking of SolarWinds, according to reports.

A few weeks before the end of 2020, hackers breached software provider SolarWinds, directly infecting the company's Orion software as well as several local, state and federal agencies in the United States. Private companies such as Microsoft also got exposed to malware.

Based on the SEC documents submitted by SolarWinds, it verified that around 18,000 of its customers installed the trojanised updates from its software. This led to a massive search inside enterprise networks and continuous checks to ensure that second-stage malware payloads will be prevented.

According to the research data analysed and published by the Finnish website Sijoitusrahastot, hacking attempts like this will push companies to increase their cybersecurity spending by 20% in 2021. From $40.8 billion in 2019, the total cybersecurity spending in 2020 is $43.1 billion. It is expected to reach $51.7 billion in 2021.

Global Cybersecurity Market to Grow to $248.26 Billion by 2023

According to a study by Markets and Markets, from $152.71 billion in 2018, the global cybersecurity market is estimated to grow to $248.26 billion by 2023. This represents a compound annual growth rate (CAGR) of 10.6%.

North America is forecast to hold the biggest market size because of the presence of many key players and tech companies in the region. At the second spot is Europe, followed by APAC.

Additionally, a Gartner report states that informational security spending alone reached $128.8 billion in 2020.

Aside from the recent hacks, the coronavirus pandemic is also causing short-term demand in areas such as remote worker technology and cloud adoption. Security services got the highest spending, followed by infrastructure protection and network security equipment.

The SolarWinds Hack

On 31 December 2020, SolarWinds said, "We continue to strive for transparency and keeping our customers informed to the extent possible as we cooperate with law enforcement and intelligence communities, and to the extent it is in the best interest of our customers.

"Like other software companies, we seek to responsibly disclose vulnerabilities in our products to our customers while also mitigating the risk that bad actors seek to exploit those vulnerabilities by releasing updates to our products that remediate these vulnerabilities before we disclose them," it said.

"Over the last few days, third parties and the media publicly reported on a malware, now referred to as SUPERNOVA."

Based on SolarWinds investigation to date:

"SUPERNOVA is not malicious code embedded within the builds of our Orion Platform as a supply chain attack. It is malware that is separately placed on a server that requires unauthorised access to a customer's network and is designed to appear to be part of a SolarWinds product."

The SUPERNOVA malware consisted of two components. The first was a malicious, unsigned webshell .dll “app_web_logoimagehandler.ashx.b6031896.dll” specifically written to be used on the SolarWinds Orion Platform.

The second is the utilisation of a vulnerability in the Orion Platform to enable deployment of the malicious code. This vulnerability in the Orion Platform has been resolved in the latest updates.

"We constantly work to enhance the security of our products and to protect our customers and ourselves because hackers and other cybercriminals are always seeking new ways to find and attack their victims," SolarWinds said.

"We work closely with our customers to address and remediate any potential concerns, and we encourage all customers to run only supported versions of our products and to upgrade to the latest versions to the get the full benefit of our updates, improvements, and enhancements."
 
SolarWinds was the victim of a cyberattack to its systems that inserted a vulnerability (SUNBURST) within the Orion Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run.

"This attack was a very sophisticated supply chain attack, which refers to a disruption in a standard process resulting in a compromised result with a goal of being able to attack subsequent users of the software," the company said.

"In this case, it appears that the code was intended to be used in a targeted way as its exploitation requires manual intervention. We've been advised that the nature of this attack indicates that it may have been conducted by an outside nation state, but SolarWinds has not verified the identity of the attacker."