Cybersecurity spending to increase following SolarWinds hacking

Cybersecurity spending is set to increase by 20% in 2021, following last year's hacking of SolarWinds, according to reports.

A few weeks before the end of 2020, hackers breached software provider SolarWinds, infecting the company’s Orion software and affecting several local, state and federal agencies in the United States. Private companies such as Microsoft were also exposed to malware.

In documents submitted to the SEC, SolarWinds verified that around 18,000 of its customers installed the trojanised updates to its software. This led to a massive search inside enterprise networks and continuous checks to ensure that second-stage malware payloads were prevented.

According to research data analysed and published by the Finnish website Sijoitusrahastot, hacking attempts like this will push companies to increase their cybersecurity spending by 20% in 2021. Total cybersecurity spending rose from $40.8 billion in 2019 to $43.1 billion in 2020, and is expected to reach $51.7 billion in 2021.

Global Cybersecurity Market to Grow to $248.26 Billion by 2023

According to a study by Markets and Markets, from $152.71 billion in 2018, the global cybersecurity market is estimated to grow to $248.26 billion by 2023. This represents a compound annual growth rate (CAGR) of 10.6%.

North America is forecast to hold the biggest market size because of the presence of many key players and tech companies in the region. At the second spot is Europe, followed by APAC.

Additionally, a Gartner report states that information security spending alone reached $128.8 billion in 2020.

Aside from the recent hacks, the coronavirus pandemic is also causing short-term demand in areas such as remote worker technology and cloud adoption. Security services received the highest spending, followed by infrastructure protection and network security equipment.

The SolarWinds Hack

On 31 December 2020, SolarWinds said, "We continue to strive for transparency and keeping our customers informed to the extent possible as we cooperate with law enforcement and intelligence communities, and to the extent it is in the best interest of our customers. 

"Like other software companies, we seek to responsibly disclose vulnerabilities in our products to our customers while also mitigating the risk that bad actors seek to exploit those vulnerabilities by releasing updates to our products that remediate these vulnerabilities before we disclose them," it said. 

"Over the last few days, third parties and the media publicly reported on a malware, now referred to as SUPERNOVA."

Based on SolarWinds' investigation to date:

"SUPERNOVA is not malicious code embedded within the builds of our Orion Platform as a supply chain attack. It is malware that is separately placed on a server that requires unauthorised access to a customer’s network and is designed to appear to be part of a SolarWinds product."

The SUPERNOVA malware consisted of two components. The first was a malicious, unsigned webshell .dll “app_web_logoimagehandler.ashx.b6031896.dll” specifically written to be used on the SolarWinds Orion Platform. 

The second was the use of a vulnerability in the Orion Platform to enable deployment of the malicious code. This vulnerability in the Orion Platform has been resolved in the latest updates.

"We constantly work to enhance the security of our products and to protect our customers and ourselves because hackers and other cybercriminals are always seeking new ways to find and attack their victims," SolarWinds said.

"We work closely with our customers to address and remediate any potential concerns, and we encourage all customers to run only supported versions of our products and to upgrade to the latest versions to get the full benefit of our updates, improvements, and enhancements."

SolarWinds was the victim of a cyberattack on its systems that inserted a vulnerability (SUNBURST) within the Orion Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run.

"This attack was a very sophisticated supply chain attack, which refers to a disruption in a standard process resulting in a compromised result with a goal of being able to attack subsequent users of the software," the company said.

"In this case, it appears that the code was intended to be used in a targeted way as its exploitation requires manual intervention. We’ve been advised that the nature of this attack indicates that it may have been conducted by an outside nation state, but SolarWinds has not verified the identity of the attacker."
