One of the most elaborate cases of cyber-espionage ever … why cybercrime isn’t going away — but there’s a silver lining for investors … investment options to consider
“One of the most impactful espionage campaigns on record …”
That’s how one cybersecurity expert described news that broke Sunday night, in which the Treasury and Commerce Departments were victims of a highly-elaborate, months-long cyberattack.
From the Associated Press:
U.S. government agencies were ordered to scour their networks for malware and disconnect potentially compromised servers on Monday after authorities learned that the Treasury and Commerce departments were hacked in a global cyber-espionage campaign tied to a foreign government …
The campaign was first discovered when a prominent cybersecurity firm, FireEye, learned it had been breached.
FireEye would not say who it suspected — many experts believe the operation is Russian given the careful tradecraft — and noted that foreign governments and major corporations were also compromised …
Authorities are still determining the scope of the attack, but it could be huge.
That’s because the apparent conduit for the attack is a widely popular piece of server software called SolarWinds. It is used by 300,000 customers around the world, including all five branches of the U.S. military, the Pentagon, the State Department, NASA, and National Security Agency, the Department of Justice, and the White House.
The director of threat analysis at FireEye said, “We anticipate this will be a very large event when all the information comes to light.”
As to the purpose of the hack, we’re still learning. But according to FireEye CEO, Kevin Mandia, the hackers “primarily sought information related to certain government customers.” This supports the working theory that it was state-sponsored cyber-espionage.
***While the hackers were targeting government agencies in this case, 2020 has seen an explosion of attacks on nearly everything — corporations, school systems, hospitals, and individuals
A few statistics, updated for 2020, from Fintech News:
- 80% of firms have seen an increase in cyberattacks
- Cloud based attacks rose 630% between January and April 2020
- Phishing attempts rose 600% since end of February
- Apple accounted for 10% of branded phishing attempts in Q1 2020
- Ransomware attacks rose 148% in March
- Average ransomware payment rose 33% to $111,605, compared to Q4 2019
Overall, hackers attack every 39 seconds — on average, that’s 2,244 times per day. But Cybercrime Magazine predicts that number will climb to an attack every 11 seconds in 2021.
As we detailed here in the Digest earlier this year, one of the latest threats is a “deepfake” — an intentionally-manipulated video, image, or audio recording that portray something that is fake as being real.
Below are screenshots from a CNN video explaining the process as it relates to a video-deepfake. They’ll give you a general sense for the transposition.
From IT Wire:
“Deepfakes will likely reach a quality next year where they can be actively used in disinformation campaigns. Conspiracy theories about the coronavirus, such as its alleged spread via 5G, could be reemphasised via deepfake videos, for example wrongly showing politicians as conspirators.
“The pandemic, the resulting increase in people working from home, and higher reliance on online connectivity, as well as the growing economic pressure, combined with uncertainty among people, are likely to feed into the effectiveness of the use of deepfakes to spread disinformation.”
It’s not just disinformation. There have already been reports of deepfakes being used in corporate scams.
One such example from the U.K. involved what appeared to be an audio-call from a CEO to a manager, directing an urgent transfer of funds to an alleged supplier of the firm. The manager complied, sending hundreds of thousands of dollars as directed.
The scam was a success until repeated requests for similar funds made the manager suspicious, leading to the discovery of the deepfake.
***Horrible as they are, these attacks serve as a huge tailwind for the growth of the cybersecurity industry
If we’re searching for a silver-lining in all this, we’d point toward the inevitable growth of the cybersecurity investment sector.
Here’s how famed investor and editor of Growth Investor, Louis Navellier, described this:
When it comes to making great investments, few stocks can match the power of “inevitables.”
“Inevitables” is a concept popularized by legendary investor Warren Buffett.
It’s his term for big companies that dominate their industries. The companies have such well entrenched and well defended spots in the marketplace that their continued success and customer loyalty is virtually inevitable.
This makes “inevitables” excellent long-term investments that allow you to make big money while still sleeping well at night …
I love to invest in massive business trends that are so entrenched … have such bright futures … and such guaranteed future demand that strong growth is “inevitable” … virtually guaranteed.
That’s why I believe investing in the top cybersecurity stocks is one of the best financial decisions you can possibly make right now.
So, what does this inevitable growth look like?
From Cybercrime Magazine:
A 2017 report from Cybersecurity Ventures predicted ransomware damages would cost the world $5 billion in 2017, up from $325 million in 2015 — a 15X increase in just two years.
The damages for 2018 were estimated at $8 billion, and for 2019 the figure rose to $11.5 billion.
The latest forecast is for global ransomware damage costs to reach $20 billion by 2021 — which is 57X more than it was in 2015.
Now, if we’ve seen 57X growth in the last five years, how much more growth do you anticipate over the next five years?
Consider how our lives are growing nearly inseparable from all things “tech.”
We rely on it for personal communication … business … entertainment … health … travel … it engulfs our entire lives — and it’s only going to increase from here.
While that makes our world increasingly vulnerable to cyberattacks, it presents an opportunity for our portfolios to benefit from top-tier cybersecurity stocks.
***As we’ve noted before in the Digest, an easy, 1-click way to get investment exposure to this inevitable trend is through the ETF, HACK
It holds many of the top names in cybersecurity — Cisco, Symantec, Palo Alto, and FireEye, for example.
Below, you can see HACK outperforming the S&P by roughly 135% here in 2020.
Two drawbacks to HACK, however.
First, it comes with an expense ratio of 0.60%. While this might not seem like much, over time it significantly erodes your returns.
Second, HACK spreads your invested dollars over more than 50 different cybersecurity stocks. That means while you’ll get exposure to some the strongest names in the sector, their gains will be heavily diluted by all the ho-hum stocks in the ETF.
For example, take Zscaler — it’s a cloud security platform based in Silicon Valley.
As you can see below, Zcaler has soared 297% here in 2020 …
While HACK’s holdings include Zscaler, it only gives this high-flier a 1.9% weighting. So, HACK has only a sliver of exposure to this nearly 3X return.
This limited exposure is why HACK is up just 31% in 2020 — respectable for sure — but hardly the 297% that Zscaler investors have enjoyed.
***This dilution effect is why Louis hasn’t chosen HACK for his subscribers
Instead, he’s found a specific cybersecurity play that he’s bullish on.
From Louis’ Market 360 update:
There are a lot of cybersecurity companies out there now, but as an investor, I am only interested in the creme de la creme of cybersecurity.
The good news is I’ve found the one that will be companies’ go-to to protect themselves from hackers. It provides unified security solutions that can be deployed over digital networks to protect users against malware, spam and network intrusions.
And it uses artificial intelligence to analyze over 100 billion security events to help stay ahead of potential cybersecurity threats. This gives it a major advantage over competitors.
To learn more about this pick from Louis, as well as his other Growth Investor stocks, click here.
Wrapping up, expects believe we’ll be hearing about additional federal agencies hit in this latest cyberattack as the week unfolds. While this is regrettable, use it to your advantage by aligning your wealth with top-shelf names in the cybersecurity sector.
After all, demand for cyber-protection isn’t going anywhere. Or, as Louis says, the growth of this industry is inevitable.
Have a good evening,