If you were hoping the SolarWinds hack was going to be a one-off, you're out of luck. Expect more sophisticated and complicated attacks of the same type to come along sooner or later.
The SolarWinds hack – a supply chain attack that saw (most likely Russian state-backed) hackers use SolarWinds' enterprise IT-monitoring software to deploy malware – hit a number of big-name US tech vendors.
These include Microsoft, FireEye (which owns Mandiant), Mimecast, Palo Alto Networks, Qualys, Malwarebytes, and Fidelis. What really set this attack apart was that many of the targets were not just government agencies or businesses, but the security companies themselves.
Some of the cyber security companies, Microsoft among them, were compromised via SolarWinds' tainted Orion update, but this wasn't the only way the hackers infiltrated systems. Malwarebytes, for example, was breached after attackers gained access to applications with privileged access to its Office 365 and Azure infrastructure. As many as 30% of the organisations breached had no direct link to SolarWinds, according to a report in the Wall Street Journal.
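The Malwarebytes case above turns on applications that already held privileged access to Office 365 and Azure, so the first thing a defender wants is an inventory of which registered applications hold tenant-wide permissions and how many credentials each one carries. The script below is an added example, not code from the article, from Microsoft or from any of the companies named: it runs offline over a constructed, simplified rendering of what an export of a tenant's service principals and their granted Microsoft Graph application permissions might look like. The permission names are real Graph permission names, but which ones count as high privilege, the input field names and the sample tenant data are this example's own assumptions.

```python
"""Flag registered applications (service principals) that hold high-privilege
application permissions in an Azure AD / Office 365 tenant.

Added example, not the article's or Microsoft's code. Input is a constructed,
simplified export; field names (displayName, appId, appRoles, credentials)
are assumptions made for this example.
"""

from dataclasses import dataclass

# Microsoft Graph application permissions that act tenant-wide without a
# signed-in user. The permission names are real; treating exactly this set as
# "high privilege" is this example's own judgement.
HIGH_PRIVILEGE_PERMISSIONS = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Directory.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
    "Application.ReadWrite.All", "AppRoleAssignment.ReadWrite.All",
    "Files.ReadWrite.All", "User.ReadWrite.All",
}


@dataclass
class AppFinding:
    app_name: str
    app_id: str
    risky_permissions: list      # sorted list of matched permission names
    credential_count: int        # secrets/certificates that can act as this app


def audit_service_principals(sps):
    """Return an AppFinding for each service principal holding at least one
    high-privilege application permission, most-privileged first.

    Each entry of `sps` is a dict with keys displayName, appId,
    appRoles (granted application permissions) and credentials
    (list of secret/certificate identifiers).
    """
    findings = []
    for sp in sps:
        granted = set(sp.get("appRoles", []))
        risky = sorted(granted & HIGH_PRIVILEGE_PERMISSIONS)
        if risky:
            findings.append(AppFinding(
                app_name=sp["displayName"],
                app_id=sp["appId"],
                risky_permissions=risky,
                credential_count=len(sp.get("credentials", [])),
            ))
    # Review order: widest blast radius first, then stable by name.
    findings.sort(key=lambda f: (-len(f.risky_permissions), f.app_name))
    return findings


def format_report(findings):
    """Render findings as plain text lines suitable for a ticket or log."""
    lines = []
    for f in findings:
        lines.append(
            f"{f.app_name} ({f.app_id}): {', '.join(f.risky_permissions)}"
            f" [{f.credential_count} credential(s)]"
        )
    return lines


# Constructed sample tenant export (not real data, placeholder app ids).
SAMPLE_TENANT = [
    {"displayName": "HR Sync Connector",
     "appId": "00000000-0000-0000-0000-000000000001",
     "appRoles": ["User.Read.All"],
     "credentials": ["secret-1"]},
    {"displayName": "Legacy Mail Archiver",
     "appId": "00000000-0000-0000-0000-000000000002",
     "appRoles": ["Mail.Read", "Mail.Send", "Directory.ReadWrite.All"],
     "credentials": ["secret-1", "cert-1"]},
    {"displayName": "Ticketing Bot",
     "appId": "00000000-0000-0000-0000-000000000003",
     "appRoles": ["Files.ReadWrite.All"],
     "credentials": []},
]


if __name__ == "__main__":
    for line in format_report(audit_service_principals(SAMPLE_TENANT)):
        print(line)
```

Run against a real export, the output is the review list: every application that can read or send mail, rewrite the directory or manage other applications without a user present, with the number of secrets and certificates that could be used to act as it. Entries with many credentials, or credentials nobody can account for, are where a permissions and credential-rotation review should start.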
"What SolarWinds has taught us is that this landscape is more complex and more sophisticated. Is this a different attack? It is a really sophisticated attack," Vasu Jakkal, Microsoft's corporate vice president of security, compliance and identity told ZDNet in an interview.
"These attacks are going to continue to get more sophisticated. So we should expect that. This is not the first and not the last. This is not an outlier. This is going to be the norm. This is why what we do is more important than ever," she said.
"I believe that SolarWinds is a moment of reckoning in the industry. This is not going to change and we have to do better as a defender community and we have to be unified in our responses. We have been out there, leading in this response."
Jakkal takes a similar line to Microsoft president Brad Smith. "While governments have spied on each other for centuries, the recent attackers used a technique that has put at risk the technology supply chain for the broader economy," said Smith in the wake of Microsoft's disclosure about the attacks.
"This is not just an attack on specific targets, but on the trust and reliability of the world's critical infrastructure in order to advance one nation's intelligence agency," he said.
"It's an unprecedented time. Full stop," says Jakkal. "Cybersecurity vendors getting hacked – that is a moment of reckoning."
Microsoft is also looking at security as a key area of growth. Microsoft CEO Satya Nadella announced at this week's second-quarter earnings report that commercial cloud sales were through the roof and that Microsoft's overall security business was now worth $10 billion a year in revenues.
To put that in context, Microsoft's cybersecurity business is worth about 14% of the $66.8 billion annual revenue run rate that the entire Microsoft cloud business is expected to make this year.
Microsoft's security portfolio is vast. There's Microsoft Defender for Mac, Windows and Linux endpoints, Defender for email, and Defender for Office 365. Microsoft calls this business XDR, or the extended detection and response portfolio, which has been bolstered by its security information and event management (SIEM) platform, Sentinel.
Jakkal is still upbeat about the prospects of the US cybersecurity and broader software industry rising to the threat demonstrated by the SolarWinds hack. She argues that by going after so many tech security providers, the hackers have shown that the industry needs to act as one.
"And we have come together. I'm really impressed to see how the cybersecurity industry – FireEye, Microsoft – how we can get together across private and public sectors to discuss how we can share more information between organizations.
"These are things we are considering. This is why it is a moment of reckoning, a moment of pause," says Jakkal.