Cyberattacks are on the rise – which companies are likely to benefit?
The US Department of Justice has recovered more than $2.3m from last month’s Colonial Pipeline hack incident, but questions persist about how the world’s largest economy – and the rest of us, for that matter – can prevent a future attack on its infrastructure systems.
On Monday, US officials announced that they had identified a virtual wallet which they suspect is related to DarkSide, the hacking group responsible for last month’s Colonial Pipeline debacle. As a result, they managed to retrieve the 63.7 bitcoin ransom, currently worth about $2.3m.
The Colonial Pipeline, America’s largest fuel pipeline, was shut for five days after the pipeline was confronted on 7 May with a ransomware attack by Darkside. The hacking group is believed to have Russian ties.
Once DarkSide encrypted Colonial’s data, it demanded cryptocurrency payments as ransom in exchange for giving Colonial Pipeline a decryption tool to unlock the systems that DarkSide hackers had brought to a standstill. Colonial Pipeline paid almost $5m to the hackers as a result.
Subscribe to MoneyWeek
Subscribe to MoneyWeek today and get your first six magazine issues absolutely FREE
Sign up to Money Morning
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
The hack was one of the worst infrastructure attacks in US history. The 5,500 mile-long pipeline which runs from Texas to America's east coast is important because it provides more than 45% of the east coast’s fuel, including home heating oil, jet fuel, petrol and diesel.
Given the volume of fuel that flows through the pipeline, the closure unsurprisingly wrought havoc, propelling panic buying across both petrol and gas markets.
How can the US prevent future attacks?
The good news for Colonial is that the FBI did manage to get some of the money back. The Department of Justice is unlikely to boast of exactly how they did it. But we do know that the FBI obtained access to the “private key” belonging to the hacker’s Bitcoin wallet, according to an affidavit. Once they got the key, the FBI simply logged in with a password and diverted digital coins away from the hacker’s wallet.
The bad news for the rest of us is that this is unlikely to be the last such cyberattack. Infrastructure in both the US and globally has already been subject to a number of high-profile attacks that extend well beyond the energy industry.
For example, the Colonial Pipeline hack came just months after hackers broke into SolarWinds, a Texas-based company. The hackers flooded the company’s software system with malicious code, affecting up to 18,000 customers. Most recently, JBS USA, the world’s largest meat supplier, was the target of an “organised cybersecurity attack”, threatening meat supplies.
As Forbes points out, unless companies and governments take measures to boost cybersecurity, “a future hack could target civilian infrastructure, disrupting hospital systems or the air traffic control frequencies”.
President Joe Biden’s $2trn “American Jobs Plan” has pencilled in $20bn for state, local and tribal governments to improve their energy systems and ensure they meet cybersecurity standards. The plan proposed an extra $2bn for “grid resilience in high-risk areas that will be contingent on meeting cybersecurity targets,” reports Bloomberg.
Basic hygiene would help a lot
But this isn’t just about increased spending. Companies need to get better at doing very simple things such as practising basic “security hygiene” to reduce the likelihood of future attacks, Philip Reiner, chief executive of nonprofit group the Institute for Security and Technology notes in The Verge.
These include things such as ensuring multi-factor authentication is in place (whereby you are asked to verify your identity via more than one route), and that response plans are ready so that firms are prepared to cope with attacks and have robust backup systems in place.
These measures may seem obvious, but Reiner points out that a lot of cyber crime is down to companies’ failure to practise basic security hygiene, rather than uber-intelligent hacking. Indeed, Colonial Pipeline chief executive Joseph Blount said this week that DarkSide was able to hack the system using a single password, due to a lack of multifactor authentication.
Alternatively, as the BBC points out, the simplest way to protect operational technology from such attacks “is to keep it offline, with no link to the internet at all”.
The trouble is, as cybersecurity expert Jon Niccolls at IT security firm CheckPoint tells the BBC, all devices used to run a modern oil and gas pipeline are controlled by computers rather than people, and any device which is connected to an organisation’s internal network leaves the pipeline “vulnerable to malicious attacks”.
Which cybersecurity stocks may be worth buying?
Ransomware and cybersecurity attacks are rising for a host of reasons: widespread working from home in particular makes IT systems harder to protect, while the largely anonymous nature of cryptocurrencies gives hackers a bigger incentive to conduct attacks.
Given the spate of publicity and the clear sense that this is a growing problem, you’d expect cyber stocks to have risen in recent months. Yet along with the wider tech sector, software and cybersecurity stocks have underperformed.
Goldman Sachs was upbeat on prospects last month: “As we heard from management teams after the SolarWinds attack, we believe that most security software vendors will likely benefit from greater long-term demand and growth, as opposed to a near-term acceleration in demand,” the bank said, reports CNBC.
Investors Daily highlights stocks including Fortinet (Nasdaq: FTNT), CrowdStrike Holdings (Nasdaq: CRWD), Proofpoint (Nasdaq: PFPT) and Palo Alto Networks (NYSE: PANW).
But if you are looking for a broad way to invest in the sector, then an exchange-traded-fund could be one way in. Most are US-based, but there are a few UK funds, including the Rize Cybersecurity Data Privacy ETF (LSE: CYBP), the Legal & General Cybersecurity ETF (LSE: ISPY), the iShares Digital Security ETF (LSE: LOCK), and the WisdomTree Cybersecurity ETF (LSE: WCBR).
Sign up to Money Morning
Our team, led by award winning editors, is dedicated to delivering you the top news, analysis, and guides to help you manage your money, grow your investments and build wealth.
Saloni is a web writer for MoneyWeek focusing on personal finance and global financial markets. Her work has appeared in FTAdviser (part of the Financial Times), Business Insider and City A.M, among other publications. She holds a masters in international journalism from City, University of London.
Follow her on Twitter at @sardana_saloni
-
Tycoon Truong My Lan on death row over world’s biggest bank fraud
Property tycoon Truong My Lan has been found guilty of a corruption scandal that dwarfs Malaysia’s 1MDB fraud and Sam Bankman-Fried’s crypto scam
By Jane Lewis Published
-
Why undersea cables are under threat – and how to protect them
Undersea cables power the internet and are vital to modern economies. They are now vulnerable
By Simon Wilson Published
-
Halifax: House price slump continues as prices slide for the sixth consecutive month
UK house prices fell again in September as buyers returned, but the slowdown was not as fast as anticipated, latest Halifax data shows. Where are house prices falling the most?
By Kalpana Fitzpatrick Published
-
Rents hit a record high - but is the opportunity for buy-to-let investors still strong?
UK rent prices have hit a record high with the average hitting over £1,200 a month says Rightmove. Are there still opportunities in buy-to-let?
By Marc Shoffman Published
-
Pension savers turn to gold investments
Investors are racing to buy gold to protect their pensions from a stock market correction and high inflation, experts say
By Ruth Emery Published
-
Where to find the best returns from student accommodation
Student accommodation can be a lucrative investment if you know where to look.
By Marc Shoffman Published
-
Best investing apps
Looking for an easy-to-use app to help you start investing, keep track of your portfolio or make trades on the go? We round up the best investing apps
By Ruth Emery Last updated
-
The world’s best bargain stocks
Searching for bargain stocks with Alec Cutler of the Orbis Global Balanced Fund, who tells Andrew Van Sickle which sectors are being overlooked.
By Andrew Van Sickle Published
-
Revealed: the cheapest cities to own a home in Britain
New research reveals the cheapest cities to own a home, taking account of mortgage payments, utility bills and council tax
By Ruth Emery Published
-
UK recession: How to protect your portfolio
As the UK recession is confirmed, we look at ways to protect your wealth.
By Henry Sandercock Last updated