The successful cyberattack on the U.S. Treasury, U.S. Commerce Department and a handful of major U.S. companies reported earlier this week may be far worse than initially feared.
What Happened? On Monday, Microsoft Corporation MSFT and cybersecurity company FireEye Inc FEYE said hackers breached software provider SolarWinds Corp SWI and then deployed malware to infect networks of other companies and government agencies.
"The hack compromised federal agencies and 'critical infrastructure' in a sophisticated attack that was hard to detect and will be difficult to undo, the Cybersecurity and Infrastructure Security Agency said in an unusual warning message," The Associated Press reports.
On Thursday, Microsoft said it found malicious software in its system and certain Microsoft Azure cloud services systems may have been compromised.
“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed,” a Microsoft spokesperson said on Thursday.
A Russian government hacker group known as APT29 or Cozy Bear was reportedly responsible for the attack.
Why It’s Important: Wedbush analyst Daniel Ives said headlines about the attack have gotten worse throughout the week.
“To put it bluntly, based on all the initial data and speaking with our Beltway contacts today we believe this cyber attack will likely rank as one of the worst (very possibly the worst ever) in the last decade given the targeted and cyber espionage nature of this attack,” Ives wrote in a note.
Ives said this attack could not have come at a worse time given the U.S. government is likely dealing with unprecedented levels of online vulnerability this year. Most government agencies are having employees work from home due to the pandemic, and those employees are accessing sensitive applications and data remotely from “ubiquitous endpoints.”
The good news for investors is that the breach highlights the critical nature of services from cybersecurity stocks like FireEye, Zscaler Inc ZS, Crowdstrike Holdings Inc CRWD and Cyberark Software Ltd CYBR.
Ives estimates these companies will be among those competing to capitalize on a $200 billion growth opportunity in cloud security over the next five years.
Benzinga’s Take: As bad as the public headlines about the government breach have been, there’s a good chance the public isn’t getting the full story on exactly what happened with the attack and what the long-term fallout could be. The FBI and other government intelligence agencies are giving Congress a classified briefing on the incident on Friday.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Comments
date | ticker | name | Price Target | Upside/Downside | Recommendation | Firm |
---|
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.