3 Stocks for the Rise of Ransomware
What would you say is the biggest threat to national security in the 21st century?
There is, of course, the ongoing threat of nuclear weapons wielded by rogue nations and hostile governments.
Then, as the whole world learned throughout 2020, worldwide pandemics are something to worry about.
But what about a threat that not many think about in their day-to-day lives? It’s something that largely goes unnoticed mainly because its actions go unseen and the incident itself doesn’t become public knowledge until the fallout has already started.
Instances of cybersecurity breaches have been on the rise in recent years, and it paints a picture of a new landscape that will dominate the conversation over the next decade.
With how intertwined modern life and technology are, criminal groups and operatives working on behalf of various governments all over the world are getting increasingly more bold and ambitious with their targets.
It seems like nothing is safe. From critical infrastructure, to food supply chains, to health care facilities and some of the largest, most well-known companies in the world, cybersecurity threats have become a problem for just about everyone.
These threats take on many different forms, and the goals of the attackers behind them are just as varied. It’s with those facts in mind that companies and governments are coming up with ways to fight back against this threat that’s becoming ever more prominent.
That’s why this report is going to look at the varied ways in which cybersecurity threats present themselves, what sorts of effects they can have, and what’s being done to combat them.
There have already been a few high-profile events just in recent memory and it’s almost a guarantee that more will be coming. Because of that, it pays to have a good understanding of just what form these cyberattacks can take.
Ransomware attacks are among the most common types of cyberattacks. When a computer system is hit with this kind of attack, software encrypts the files and the party behind the attack demands a ransom. If the ransom is paid, then access to the files is restored.
Ransoms in these kinds of attacks have often been in the range of a few hundred to a few thousand dollars when the victims were everyday people. They’ve been in the millions when large companies and organizations were targeted. The criminals behind them usually demand payment be made in cryptocurrencies like Bitcoin.
Often, these attacks happen because the person or group behind them tricks an authorized user into giving them access. Other times, the attackers find security holes that allow them to get into the system and do whatever they want. However these attackers manage to gain access, the result is always the same: crucial files are encrypted and a message is displayed saying that access to those files can only be restored with what’s called an encryption key, which is an unpredictable and unique string of bits made specifically to encrypt and decrypt data.
Encryption keys can be cracked, but the longer the key length is, the harder that proves to be. That just goes to show why they are such popular tools when it comes to ransomware attacks.
Think back to May 7th, 2021 and how Colonial Pipeline came under attack. The group behind that incident used ransomware to gain access to the system that carries gas and jet fuel from Texas to New York. This one system is responsible for 45% of the fuel used by the East Coast of the United States, and a hacker group was able to take it down.
This led to a disruption in operations for the pipeline as the company responsible for it scrambled to try and fix the issue. Long lines formed at gas stations in states all along the Eastern Seaboard and Southeastern U.S. as people gave in to panic buying. Pumps ran out of fuel and prices climbed as people filled whatever containers they could get their hands on.
The decision to shut down the pipeline came from the company rather than the hackers, as it was revealed that the group behind the attack, a group called DarkSide, had access to company data rather than the systems needed to affect the pipeline itself.
Still, the company paid the ransom of 75 bitcoins, a value of roughly $5 million, to get the necessary encryption key. The company got its data back and DarkSide got away with it, at least for a while. The FBI managed to get the money back, but the actual attackers are still at large, though the group itself disbanded.
That’s just one instance of a recent incident where ransomware took a major company offline and the attackers made away with millions.
In May 2021, a hacker group called REvil did the same to JBS, the largest meatpacking company in the world. Facilities in multiple countries were shut down and the company was forced to pay the hackers $11 million to regain access to its data.
Beyond that, in 2021 alone, ransomware attacks targeted Ireland’s national health service, water treatment facilities in Norway, and live television broadcasts in Australia, just to name a few. That gives you a sense of the variety of sectors these attacks target and just what kind of data the criminals behind them try to go after.
But ransomware is hardly the only tool these hacker groups use to try and get what they want.
At some point, you’ve probably gotten an email, phone call, or text message from someone who claimed to be from a utility company, insurance company, government office, or some other organization asking you for personal information like your credit card number or social security number so that they could access your accounts.
This is a social engineering tactic called phishing, and it’s what groups of hackers use to steal the identities and finances of hundreds of thousands of people per year.
What usually happens is that the person being targeted will receive a message that impresses a sense of urgency or an offer that’s too good to be true. This can come in the form of saying that the person has won a contest or has been chosen to receive some deal that needs to be acted upon immediately. The person will be told to click a link or open an attachment that will then infect the person’s computer with malware that either leads to a ransomware attack or directs the user to what looks like a legitimate website. That website might resemble the website of the person’s bank or some other institution, and when the victim enters their name and password, the attackers have access and can do whatever they want.
These same methods work for stealing information like credit card numbers, social security numbers, and banking details.
According to the FBI, phishing is the most common type of cybercrime, with 241,324 reported incidents having occurred in 2020. Around 75% of organizations around the world experienced some kind of phishing attack, with the most targeted industries being health care, education, technology, and manufacturing.
Indeed, no company is safe and attackers continue carrying out these kinds of attacks exactly because they know how lucrative they can be. Between 2013 and 2015, for example, Facebook and Google got scammed out of more than $100 million through a fake invoice scam.
A hacker based in Lithuania was able to impersonate a large manufacturer in Asia that both companies do business with and trick the tech firms into paying him for computer supplies. He did this by sending invoices to the companies’ accounting departments and using forged email addresses and corporate stamps.
In 2016, Crelan Bank in Belgium lost 70 million euros to fraud when a hacker used what’s called CEO fraud. In this type of attack, an email is sent to a high-ranking executive or someone in the finance department from a supposed business partner or someone else high up in the company. That email asks for a money transfer to finalize an urgent transaction. Hackers pull these types of attacks off by displaying detailed knowledge of the business, the people they are addressing, and the people they are pretending to be.
In 2020, it seemed like scammers were taking full advantage of the confusion the pandemic caused throughout the postal service to send SMS messages to unsuspecting victims. People would receive text messages telling them that there was important information regarding an incoming delivery and instructed them to click an included link.
Upon clicking that link, the victim would often be taken to a page that would attempt to steal the credentials to their Google accounts. This followed a similar scheme that came about in February of 2020, where hackers sent messages saying they were from FedEx.
As you can see, these phishing attacks take on many different forms and target individuals and organizations alike. It’s become one more tool in the arsenal of criminal groups to try and steal money and personal information from hundreds of thousands of unsuspecting victims every year.
Distributed Denial of Service (DDoS )
A distributed denial of service attack is one in which a targeted server, service, or network is overwhelmed with a flood of traffic, effectively taking it down and silencing the connected website, application, or even entire business if the attack is on a large enough scale.
The resources that make up a computer network, things like web servers, can only have so many requests at once and the channels that connect those servers to the internet only have so much bandwidth. If they get overwhelmed, nothing works the way that it should. Think of it like trying to get onto a busy highway when absolutely every lane is choked with traffic. No one is going to be able to get anywhere for a good while, and even as that happens, more cars will try to enter, making the problem even worse.
Though these kinds of attacks don’t aim to steal money or data, there are still numerous reasons why attackers might carry out a DDoS attack. Companies lose revenue when their services go down and, beyond that, there is damage to the brand. Consumer confidence is everything when it comes to commerce, and an attack that makes service unavailable can derail that confidence.
Likewise, DDoS attacks can be used for political ends, such as to silence movements that campaign against authoritarian governments. It could also potentially be used to disable campaign websites and other online assets friendly to opposition parties in elections. Whatever an attacker’s aim is, the effects of DDoS attacks can last for hours, days, or even weeks in the cases of the most sophisticated attacks.
Companies have been plagued by denial of service attacks for years, and they have far-reaching effects. Consider, for instance, the February 2020 attack against Amazon Web Services. This attack lasted for three days and sent 2.3 terabytes of data at its peak to the IP address of one of the service’s clients. To give some context, that’s about 80 days’ worth of video data.
In 2012, six U.S. banks — Bank of America, JPMorgan Chase, U.S. Bank, Citigroup, Wells Fargo, and PNC Bank — were hit with a series of attacks that generated 60 gigabits of traffic per second. These attacks successfully took the companies’ websites offline, keeping customers from doing any online banking. An Iranian group called Izz ad-Din al-Qassam Cyber Fighters claimed responsibility for the attack and it’s believed that it was carried out in retaliation for economic sanctions that had recently been put in place in response to Iran’s nuclear program.
This incident was significant because the size of it led the U.S. state department to seek the help of other countries in taking down the computers that were flooding the banks with junk data and it showed that these attacks are a tool in the arsenal of groups acting on behalf of enemy governments.
When it comes to cybercrime, the methods above are just a small portion of what governments and corporations are dealing with. The tools and methods that criminal groups and rogue governments use are only going to get more sophisticated, which is why you will start seeing more talk about companies coming up with solutions to counter these threats.
It’s a new dimension of modern warfare, and getting ahead of it early is the best way for companies and countries to safeguard their assets. For investors, it’s the best way to get in early on the potential profits.
With that in mind, here are just a handful of companies who are staking their claims in the sector before it really begins to take off.
IBM (NYSE: IBM)
IBM, or International Business Machines, is a household name when it comes to information technology. Having been in business since 1911, it has been at the forefront of just about every trend in technology that you can think of.
It’s reached that status thanks to work in areas such as blockchain technology, IT infrastructure, cloud computing, security, and other branches of information technology.
Being one of the biggest technology companies in the world, it makes sense that IBM offers its customers a suite of cybersecurity solutions. Over the past few years, the company has especially sought to make gains in the Cloud segment, an area where it lagged behind industry rivals like Microsoft and Amazon. That’s why, in 2019, IBM acquired a company called Red Hat to the tune of $34 billion.
Red Hat, a multinational software company based in North Carolina, was founded in 1993 and specializes in open-source software products for businesses. In becoming a subsidiary of IBM, Red Hat brings what’s called “hybrid cloud” software, which allows private cloud and public cloud to communicate. This makes it possible for companies to deploy more flexible IT infrastructure, using either a public or private cloud as their needs see fit while more easily managing costs.
As far as cybersecurity is concerned, this is an important acquisition because IBM is making the cloud an important part of its business strategy and that will go hand in hand with security services that already form an important cornerstone of its business offerings.
Red Hat has the technology and IBM has the capital, reach, and name recognition to put itself in a place where it will be able to go after the segments of the market where Amazon and Microsoft have thrived for the past few years.
With the pandemic changing the way the world looks at how work gets done, cloud computing is only going to grow as a sector for the foreseeable future. As that sector grows, so too will the cybersecurity threats that seek to exploit companies that use cloud technology. IBM’s security business is built around a broad portfolio of consulting and managed security services that cater to many of the world’s largest enterprises, so it is in position to take advantage of that sector growth in a way few IT firms are.
The company’s recent financials paint it as a good bet for growth in the near future.
Recent years saw IBM struggling with more losses than gains from quarter to quarter, but that changed with Q1 2021. During that period, the company’s revenue grew by 1% to $17.7 billion, which is the highest the company has seen since Q2 2018. That went against estimates that some analysts had predicted and much of that was attributed to the company’s cloud business.
“Strong performance this quarter in cloud, driven by increasing client adoption of our hybrid cloud platform, and growth in software and consulting enabled us to get off to a solid start for the year," said Arvind Krishna, IBM chairman and chief executive officer. "While we have more work to do, we are confident we can achieve full-year revenue growth and meet our adjusted free cash flow target in 2021.”
Its cloud segment specifically was up 21% year over year at $6.5 billion, driven by an independently operating Red Hat, whose Q1 revenue was up 17%.
Arvind Krishna sees this kind of steady growth as a positive, as it establishes a foundation on which the company can get back to the kind of long-term stability that it had enjoyed until recently. This modest, measured approach goes against the typical ethos you often hear when it comes to investing, but it paints a realistic picture of what IBM’s leadership has planned for the company’s near future.
His vision appears to be working, as IBM’s second- and third-quarter reports for 2021 also showed increased revenue. In both cases, much of that growth could be attributed to revenue from Red Hat.
That vision, combined with Red Hat as part of its business strategy, makes it possible for IBM to carve out its place in this market over the next few years.
Prosus (OTCMKTS: PROSY)
Prosus is an internet assets company based in the Netherlands that specializes in building up other companies. In the company’s own words, it looks for “opportunities to address big societal needs in markets where they see the biggest growth potential.” Because of this, the company’s reach extends to every major market on the planet. If Prosus thinks a company has promise, then it moves quickly to expand that company.
Its operations are organized into several different areas, such as payments and financial tech, education tech, food delivery, electronic retail, and travel.
For cybersecurity, we’re going to look at holdings of educational technology (EdTech) companies. As stated earlier in the report, the cybersecurity sector is only going to grow over the coming years, and that means companies will be looking for people with the kinds of in-demand skills needed to keep networks and other aspects of information technology secure.
According to a recent report, the Cybersecurity services market is expected to grow by 10% between now and 2028, at which point it will be worth roughly $192 billion. While the industry itself is set to see healthy growth, the growth of individual jobs within the sector will far outpace it.
Jobs that require skills in areas like cloud security, application development, and health information security are just a handful of the areas that will be in demand as more companies seek talent to help protect their assets from increasingly sophisticated cyberattacks. In fact, according to the U.S. Bureau of Labor Statistics, cybersecurity jobs will grow 31% through 2029. That’s seven times more than the national average job growth of 4%.
Prosus is in position to take advantage of this trend because of its offerings in EdTech. This is especially true thanks to its latest acquisition, a company called Stack Overflow. Stack Overflow is an online community for software developers that offers a question-and-answer format for anyone needing help with matters related to coding skills. It’s one of the most popular websites of its kind, with 100 million monthly visitors.
Prosus acquired the company in a $100 billion deal because it sees the value and potential in online learning for tech professionals. This is the first time Prosus has outright purchased an EdTech company, rather than simply investing in it, and it was seen as a shrewd move by analysts because of the growth in remote working that’s set to remain following the COVID-19 pandemic.
The investment strategy that the company’s leadership has deployed has served it well, as evidenced by the results it released for the fiscal year that ended March 31st, 2021. The company reported revenue of $28.8 billion, up from $21.5 billion the year prior. Trading profit came in at $5.6 billion, up from $3.8 billion.
Durings its half-year results reported for the period that ended September 30,2021, the company reported increased ecommerce revenue growth of 53%, with trading profit up 8%.
Like many others, Prosus didn’t escape a bit of pain caused by the tech selloff, but its price has since stabilized and its prospects for the near future look bright thanks to leadership’s commitment to putting money into small companies that are getting ahead of tech trends.
It’s in a good position to take advantage of the increased focus on cybersecurity and many other coming trends, making it a strong investment choice.
Raytheon (NYSE: RTX)
You might know it as one of the biggest names in defense and aerospace, but Raytheon also has quite the extensive background in information security. As a defense conglomerate, Raytheon knows the importance of operational security, and its status as one of the premier companies in its sector means that it has the resources to provide cybersecurity services that many other companies simply aren’t able to.
Its Cyber Analytics and Intelligence Services, for instance, allows the company to find data, sort through it, and turn it into actionable intelligence and insights that companies and government agencies need to stay ahead of constantly evolving threats like cyberattacks and data breaches.
It also has a physical systems security service where it protects engineered systems like power grids, agriculture operations, transportation networks, and anything else internet-connected to ensure reliability and resilience against any kind of intrusion. This is an especially important service given the rise of the Internet of Things and Smart technology that we’ve been seeing in the past few years and will continue seeing in the immediate future.
In this segment, Raytheon works with many different partner companies to bring the appropriate tools and expertise to its clients. These alliances keep the company at the top of the industry while ensuring the clients have everything they need to protect their assets.
There is also Raytheon’s offering of Cyber as a Service, a subscription service that makes it possible for its clients to get state-of-the-art tools, training, and protection at all times. With the speed at which technology changes, organizations need to constantly update their infrastructure to protect data, and they need to be able to do it while keeping operations running smoothly.
The support that Raytheon offers through this service is available 24/7, and offers solutions that include cybersecurity training, system assessments, data recovery, and proactive threat hunting, among others.
These are just a few of the tools clients working with Raytheon can expect. Not only is Raytheon a strong bet when it comes to cybersecurity because of its offerings, but because of who the company typically works with.
As a defense and aerospace company, Raytheon does most of its business with the United States government. This means the company has a stable, repeat client that will always need its wide range of services, and it’s why the company expanded its offerings to include cybersecurity alongside its typical offerings of aircraft engines, air defense systems, satellites, and the other products the company is known for.
Because the company is in the defense industry, it enjoys the benefit of being resistant to recession and other economic downturns. Likewise, because Raytheon and others in the industry provide a lot of jobs, making cuts to defense spending is often politically unpopular, so politicians tend to shy away from doing it.
Like just about every other company, Raytheon wasn’t able to escape the COVID-19 pandemic unscathed. The downturn that commercial airlines saw extended to Raytheon, to the point that the company had to lay off 20,000 employees who worked in its engine and aircrafts division in October 2020. This coincided with a drop in its share price from $62 to around $52, but that share price has since more than recovered in wake of states opening back up and travel working its way back toward normal levels as you can see in the chart below.
That recovery translated to better-than-expected Q1 2021 results. Earnings per share came in at $0.90 per share versus an expected $0.88 on sales of $15.3 billion. While the company’s aerospace sales were down 32% over the reported period, the Intelligence and Space and Missile and Defense segments saw sales that were 2% and 3% higher respectively.
The pattern repeated in the second and third quarters, with positive results leading to the company raising the 2021 outlook. Sales across both quarters were up roughly 10%.
This illustrates the long, slow recovery that CEO Gregory Hayes said the company had ahead of it. When you consider the factors the company has in its favor, along with the picture painted by its quarterly results, it looks like Raytheon will continue to be at the top of the defense industry. This can only mean good things for the company’s prospects in the cybersecurity segment as it becomes more important to more companies and governments all over the world.
What the Future Holds
Cyberattacks can be carried out from anywhere and can take many different forms. With them being a tool of both governments and criminal groups, rival nations and companies alike will need to do everything in their power to protect their assets and safeguard their data accordingly.
The three companies named in this report are in the perfect position to benefit from that growing market, making them sound investments for anyone who wants to get in the sector.
With the growing importance cybersecurity is going to play in the very near future, you’ll be hearing more and more about up-and-coming companies in the space, as well as storied companies making their moves.
Here at Daily Profit Cycle, we keep a lookout for exactly these kinds of plays so that you can get ahead in budding industries and sectors before the general public catches on.
Speaking of plays you should be aware of...
Every month you pay the power company.
You have no choice in who provides it... where it comes from... or how it’s generated...
And you certainly don’t get a say over how much it costs.
You have very little control.
That’s all about to change.
A little-known government order is about to transform electricity as you know it.
Taking one step could put you ahead of it… and allow you to profit.
Full details here.