SolarWinds Hack ‘One Of The Worst In The Last Decade’: Analyst

The SolarWinds hack is likely the worst cyberattack since the 2014 Sony breach due to the campaign’s scale, scope and sophistication, a prominent analyst said.

“There are a lot of white knuckles around this attack,” Daniel Ives, managing director of equity research for Wedbush Securities, told CRN. “Even though much of it is unknown, right now people are fearing the worst.”

The fact that Russian government hackers were able via SolarWinds to breach FireEye – a firm Ives views as the Navy SEALs of cybersecurity – and lurk undetected in the IT ecosystems of heavily fortified federal agencies for eight or nine months has organizations on edge, Ives said. And the scale of the intrusion – with nearly 18,000 enterprises and government agencies vulnerable – quickly caught people’s attention.

[Related: Malware Used In SolarWinds Attack Can Now Be Blocked: FireEye]

“This is a bit of a black eye for the industry,” Ives said. “I believe it’s going to have ramifications for years to come across not just federal but also enterprise cybersecurity.”

CIOs traditionally weren’t focused on SolarWinds since it was seen as a developer tool and had developed a stellar reputation over the past decade, Ives said. In addition, since many SolarWinds capabilities are available on a freemium basis or at a modest price point, Ives said the purchases often didn’t have to get approved at higher levels of an organization’s IT department.

CISOs who’ve spoken with Ives in recent days said they’ve been working around the clock trying to better understand not just the potential impact from the SolarWinds hack, but also to make sure that their whole environment is protected from supply chain attacks going forward. Firms will reevaluate not only their use of SolarWinds, but also anything that could introduce vulnerabilities into the ecosystem.

As a result, Ives expects there will be much more scrutiny of tools that historically were seen as just being for developers. Specifically, Ives expects to see significant regulation enacted around any sort of code or applications that are being put within the government’s ecosystem.

“From top to bottom, there is going to be a much more scrutinized analysis of applications and infrastructure within the government needing to meet different types of security standards,” Ives said. “Because of the nature of the government agencies that appear to have been breached, there are some dark days ahead.”

From an enterprise perspective, Ives expects the SolarWinds hack will drive a huge surge in spending for vulnerability and threat assessment software, particularly around tools that provide visibility into endpoint threats. Ives called out Zscaler, CrowdStrike, CyberArk, Qualys, Varonis, SailPoint, Telos and Tenable as companies that will benefit from the focus on vulnerability assessment and cloud protection.

Those eight companies could be the big winners because of their footprint in the U.S. government space as well as the nature of their cybersecurity product portfolio, according to Ives. Specifically, he said their technology fits the DNA of what government, enterprise and commercial customers will be looking for in the wake of the SolarWinds hack.

“This is not something that’s just going to come and go,” Ives said. “I think this is really going to have a widespread impact.”