It's Beyond Time to 'Get Real' About Cybersecurity
The SolarWinds attack keeps getting worse... The U.S. is playing catch-up... It's beyond time to 'get real' about cybersecurity... An opportunity for investors... A 'hidden asset' company with a handle on the solution...
The story about the massive cyberattack on U.S. computer systems keeps getting worse...
We're learning more disturbing details every day...
It's being dubbed the "SolarWinds (SWI) attack" – named for the Texas-based network-management software company at the center of the whole episode. Essentially, U.S. officials suspect Russian hackers are behind a widespread digital breach of thousands of public and private companies and U.S. government agencies.
The scope of this cyberattack is massive... And frankly, it's probably even wider and deeper than we just made it sound.
Even worse, this attack went undetected for much of last year... That's right, as if 2020 wasn't bad enough, we're still learning bad, new information about it in retrospect.
And this plot should be more accurately described as a sophisticated digital espionage operation...
We'll dive into the details and the rest of the bad news to start today's Digest because it's important. But eventually, we'll also get around to the silver lining of this mess, too...
That is, this massive attack should stick in the minds of everyone in the cybersecurity world for a while... And in the years ahead, it should highlight the growing need and demand for tougher cybersecurity defenses in the U.S.
Beyond that, by paying close attention to the companies doing the best work in this space today, investors like us can position ourselves to make massive profits as it all plays out...
The 'spam' filters are even being hacked...
Just today, we learned that e-mail security company Mimecast (MIME), which filters out spam messages in our company inboxes, added its name to the long list of companies that have been compromised or targeted in the plot...
We can imagine someone nefarious wanting to see if their phishing e-mails were getting through the spam filters or not... Like we said, this is sophisticated. We're a long way beyond someone stealing a credit-card number and calling it a day.
Larger companies – like Microsoft (MSFT) and its big cloud vendor business, and even cybersecurity leader FireEye (FEYE), which is supposed to stop these things from happening – have previously been identified in this attack, too...
For now, it's believed that the breaches started sometime in the spring of 2020 with Russian hackers, who were thought to be working with the country's intelligence agency, getting "backdoor" access to the software and code of SolarWinds. As Stansberry NewsWire analyst Daniel Smoot reported on Monday...
According to Reuters, Moscow-based cybersecurity company Kasperksy said on Monday that the planted "backdoor" access was similar to malware often used by a hacking group known as "Turla." The news service added that Estonian authorities have highlighted that Turla works with Russia's FSB security service.
We also know that the networks of more than 18,000 of SolarWinds' customers were breached... and SolarWinds' clients include U.S. government agencies like parts of the Pentagon, the departments of the Treasury and Homeland Security, and several corporations that control the country's power grid.
We hope it doesn't take something like the power grid being disrupted to really get people's attention...
SolarWinds is now scrambling to find out precisely what happened... how much the hackers got access to... for how long (it might be even longer than first thought)... and what they might be doing with the information now.
That's a lot of unknowns, particularly for a network-management company. And ones that are hurting the company's stock, too... SolarWinds' share price has dropped roughly 40% since reports of the breach started trickling out at the start of December.
Last week, SolarWinds hired Chris Krebs, the former director of the U.S. Cybersecurity and Infrastructure Security Agency, as a consultant to help with an investigation. As tech website CNET reported...
SolarWinds is currently investigating how hackers penetrated its systems and inserted malicious software into an update to the company's popular Orion products. Thousands of SolarWinds customers installed the tainted update, and hackers were then able to access their systems. Federal agencies, major tech companies and hospitals were among the organizations targeted by the hackers.
Yesterday, SolarWinds revealed some of what it has found so far...
The company shared early findings in a U.S. Securities and Exchange Commission filing, saying it was able to reverse engineer code. That allowed it to learn more about the hacking tool that was developed and deployed into its software.
However, SolarWinds wasn't able to independently verify the identity of the perpetrators.
In other words, it's still catching up... almost a year later.
And the fallout is probably going to get worse before it gets better... CrowdStrike (CRWD), the cybersecurity firm that is doing its own investigation, said yesterday that it found "test code" hacks – undetected warning shots, if you will – into the SolarWinds management software as early as the fall of 2019.
Has your daily life been 'hacked' recently?...
Just two days ago, I (Corey McLaughlin) went online to request a prescription refill and found that the medical center network of my family's primary care physician was down because of a hack. It's annoying when the plan to do something as seemingly simple as that gets derailed.
And a few months ago, my wife received a phishing e-mail to a personal account that included a password that she hadn't used in probably a decade... Someone was threatening to use it if we didn't send a few bitcoin. Very concerning, indeed.
(Note: If you get a similar message, it's wise to not believe it. In a recent edition of his free Health & Wealth Bulletin daily e-letter, our friend and colleague Dr. David "Doc" Eifrig shared a few tips about how to not let a scam fool you.)
You might also remember our report about the Baltimore County school system being hacked just before Thanksgiving...
That situation has left a lasting impact... It has generated emotional responses and divided teachers and the county over how the response has been handled, even after the practical issues – like which computers were compromised – were identified.
As we wrote about the Baltimore County schools hack back in November...
That's the thing about cyberattacks... If the hackers are successful, they can gain access to certain pieces of data in minutes (or sometimes even seconds). And they can steal administrative rights to a system and start looking for data unnoticed within a few days.
On the defensive side, though... finding, fixing, and then protecting that same system can take companies or school districts weeks or even months – and cost a lot of money.
The same dynamic is essentially at play in the SolarWinds attack...
And while smaller in scale, the Baltimore County school system hack directly upended many folks' daily lives in the middle of an already anxiety-provoking time than a foreign (or domestic) actor likely hadn't been able to do before.
So forgive us for feeling like the hackers are winning today.
This is a long way of saying that the cybersecurity industry, which already totals an estimated $150 billion in annual activity, has a lot more runway for growth than most people likely imagine. And we're already seeing it start to play out...
This week, IT-services provider Booz Allen Hamilton (BAH) announced plans to invest in digital forensics company Tracepoint. As NewsWire analyst Nick Koziol reported...
A BAH senior vice president said that the deal highlights the rapid response needed to protect against cyberattacks. In recent weeks, reports about a cyberattack that impacted the U.S. government and some of the world's largest software companies have made headlines. As a result, companies need to have plans in place to mitigate these threats, the executive said.
It's about time we take cybersecurity more seriously...
To us, that means throwing a lot of money and resources at the issue... And as we described back in November, partnerships between the government and public and private companies are one way to push the ball forward.
As we wrote in the November 30 Digest, the problems are too big to be solved by one company or a single government agency...
We cited Jamil Jaffer, a cybersecurity expert and former associate White House counsel to President George W. Bush and an executive at IronNet Cybersecurity. As he said in an interview with us...
The reality today, unlike pretty much any time in the last 50 or 100 years, is that we expect the American private sector to defend itself... You don't expect Target or Walmart to have service-to-air missiles on the roof of their warehouses to defend against Russian bear bombers coming over the horizon, right?
And yet, today in cyberspace, we know that our nation and primarily our private-sector companies are under massive sustained assault, whether it's stealing intellectual property by the Chinese, or the Russians, who are trying to engage in election interference, or the Iranians and North Koreans, who want to conduct destructive attacks on our systems...
Like we said then, Stansberry Venture Value editor Bryan Beach talks about this in detail in a special report available to subscribers of his service...
In March, the federal Cyberspace Solarium Commission, founded by the late John McCain in 2019, released its final report at a public event on Capitol Hill. The findings are terrifying...
Our country is at risk, not only from a catastrophic cyberattack but from millions of daily intrusions disrupting everything from financial transactions to the inner workings of our electoral system...
The reality is that we are dangerously insecure in cyber. Your entire life – your paycheck, your health care, your electricity – increasingly relies on networks of digital devices that store, process, and analyze data. These networks are vulnerable, if not already compromised. Our country has lost hundreds of billions of dollars to nation-state-sponsored intellectual property theft using cyber espionage...
We need C-suite executives to take cyber seriously since they are on the front lines. With support from the federal government, private-sector entities must be able to act with speed and agility to stop cyber-attackers from breaking [into] their networks and the larger array of networks on which the nation relies...
The status quo is inviting attacks on America every second of every day.
As Bryan says...
In the wake of the Russian hack, these warnings now sound particularly prescient. It will be years before we understand the full extent of the damage.
It's not just the breach of personal security or intellectual property, which is frightening enough... It's also that the aggregate impact of the disruption to daily lives and businesses from these attacks is largely intangible to most people – and more so as the business world has gone even more "remote," like it did in 2020.
How can we do anything safe with emerging technologies (like artificial intelligence), new infrastructure projects, or anything else if we can't stop hackers from hiding a malicious software update and installing it in the systems of tens of thousands of companies and high-level government agencies?
It's like letting spies run free inside our offices.
There's also the personal side of things... It's easy to forget humans are behind these hacks. Why are they doing this in the first place? That's more of a geopolitical issue, and it should be part of defend-from-all-angles policies...
It's also not out of left field to imagine a cyberattack starting with somebody with bad intentions being hired at a particular company where they can start doing the damage from within.
But today, we're focusing on the nuts and bolts. Let's get real... Hackers are getting access to and moving around networks of American companies and government agencies undetected.
That's the practical problem and a big concern in ways we can't fully understand or realize today...
Now, if you're like me, you might be saying...
Hasn't everyone been hacked already anyway?
That's how I've operated through the past two decades as I spent more time in a digital age. I just assumed that all information put online or on my computer was available to everyone, even those with nefarious purposes.
Call it the skeptic in me...
For years, though, I've felt cybersecurity software and platforms have been designed to and have been largely effective in identifying attacks when they happen... and that they've taken care of things in a useful amount of time before too much damage is done.
But the SolarWinds attack – and the Equifax breach of 2017 – should show us that the good ol' days of cybersecurity are over here in the U.S... We need a serious revamp.
Funny enough, I was surprised to hear the best way forward might be how I've settled into thinking about this over the years.
In Venture Value, Bryan talked to an industry leader, one of cybersecurity's foremost authorities, over the summer who essentially said...
Assume you've been hacked. Then, what would you do?
This is a needed paradigm shift in thinking in the cybersecurity world today, according to Bryan... And it's one that this business leader's company is already using today, when few others are.
We're compelled to listen to him. These thoughts come from a guy who has decades of experience working in cybersecurity at the federal level... and with public and private companies... even before "cybersecurity" was a commonly used term.
He has a better handle on this industry than we ever will... and says in his estimation, the world lost an eye-popping $3 trillion to cybercrime in 2019. That's most likely about the size of the next stimulus bill.
By the end of 2021, losses are estimated to be $6 trillion, according to Bryan.
And while admittedly it probably isn't possible to prevent every cyberattack ever designed, this expert says there are better ways to go about preventing and containing the damage done by them...
That's why this company we're referring to – which Bryan independently identified and shared with his existing Venture Value subscribers – is working on staying "ahead of the game" and the competition when it comes to cybersecurity software in a new era for the industry.
In cybersecurity, the game is always being played... So solutions need to be ones that can run all the time and be innovative and useful for what is going on in the world today. As we cited from Bryan in November...
Most cybersecurity breaches today are based on artificial intelligence ("AI"), which dekes the firewalls and slips undetected into a target's network. To effectively combat that, you need a defense that can analyze all traffic – incoming, outgoing, and internal – identify the suspicious communications, and stop the threat in real time.
But this company, as its CEO told Bryan over the phone, is doing something else. As he said...
Everything else really works to lock your network and keep bad guys from getting in. [But it] ignores what gets past them... The reality is... every network in the world is already infected today.
We started out... with the premise that you can't keep the bad guys out. You can't put another lock on the door... Firewalls aren't stopping cyber breaches, as the numbers prove daily. So we decided rather than try to stop them, we would neutralize them.
As we also said then, knowing what we know now, this approach might seem like a no-brainer solution... yet this is work that most cybersecurity companies simply aren't doing today.
We're talking about an innovative suite of products in a high-demand industry, with a proven profitable business model to boot...
These are big reasons why Bryan has identified this tiny company as an ultimate "hidden asset" play, the value of which the stock market is only starting to understand. He says the stock could give early investors a multi-bagger return when all is said and done.
If nothing else, we hope today's Digest will get you thinking about the scope of the problem we're facing today and the potential path forward... But if you want to learn more and take advantage of an extraordinary offer to get access to all of Bryan's research at the lowest price we've ever offered, click here to get started.
You'll hear more about how you can receive all the details on the company Bryan has discovered, along with a special bonus interview with the man behind its exciting new cybersecurity software... plus two more "hidden asset" plays that Bryan loves today.
(And existing Venture Value subscribers, be sure to check out this latest research right here, if you haven't already.)
Will Oil Boom in 2021?
Energy prices are down more than 70% since their peak in 2014... Is now the perfect time to invest for the next oil boom? Cactus Schroeder of Chisolm Exploration discusses the idea...
Click here to watch this video right now. For more free video content, subscribe to our Stansberry Research YouTube channel... and don't forget to follow us on Facebook, Instagram, LinkedIn, and Twitter.
New 52-week highs (as of 1/12/21): ABB (ABB), AbbVie (ABBV), Analog Devices (ADI), Asana (ASAN), AutoZone (AZO), Booz Allen Hamilton (BAH), ProShares Ultra Nasdaq Biotechnology Fund (BIB), Cresco Labs (CRLBF), Corteva (CTVA), Commvault Systems (CVLT), CVS Health (CVS), Dow (DOW), Eagle Materials (EXP), Expeditors International of Washington (EXPD), Futu Holdings (FUTU), Green Thumb Industries (GTBIF), Harrow Health (HROW), Ingersoll Rand (IR), JPMorgan Chase (JPM), KraneShares Bosera MSCI China A Fund (KBA), KraneShares CICC China Leaders 100 Index Fund (KFYP), SPDR S&P Regional Banking Fund (KRE), KraneShares MSCI All China Health Care Index Fund (KURE), LCI Industries (LCII), MakeMyTrip (MMYT), MSA Safety (MSA), MasTec (MTZ), OptimizeRx (OPRX), Oshkosh (OSK), PowerFleet (PWFL), Radius Health (RDUS), Construction Partners (ROAD), Southern Copper (SCCO), Sea Limited (SE), Scotts Miracle-Gro (SMG), Trulieve Cannabis (TCNNF), TerrAscend (TRSSF), U.S. Concrete (USCR), ProShares Ultra Semiconductors Fund (USD), and Zendesk (ZEN).
In today's mailbag, some kudos for Greg Diamond's Ten Stock Trader service. Do you have a comment or question? As always, e-mail us at feedback@stansberryresearch.com.
"I am addicted to your service. I try to not miss a single trade. Sometimes I don't get the alert to where I can hear it but I do get the push notification and sometimes can still make the trade. I want to thank you for showing me how important patience is. With the other Stansberry editors I have done well but patience would've paid off even better. Thanks again for all you do. Your dedication is remarkable. Even getting updates weekends and night time." – Stansberry Alliance member Steve J.
All the best,
Corey McLaughlin
Naples, Florida
January 13, 2021