Tag Archive for: Colonial

Cyber Security Stocks To Watch After Colonial Pipeline And JBS Hacks

/in


Our theme of Cyber Security Stocks remains down by about 1% year-to-date, significantly underperforming the S&P 500 which has gained about 13% over the same period. However, the theme has picked up a bit since our last update in mid-May, when it was down by 6%.The underperformance versus the broader indices is likely due to the fact that most of the stocks in the theme are high-growth, high-multiple names that have been out of favor in the current market, as investors rotate into value and cyclical stocks to play the post-Covid boom in the U.S. economy. However, there’s good reason for investors with a long-term view to increase their exposure to cybersecurity stocks. Companies and governments are getting more serious about protecting their networks and infrastructure, following multiple high-profile cybersecurity incidents in recent months, including the ransomware attack on the Colonial Pipeline, the SolarWinds
SWI
 hack, and the recent cyber attack on JBS – the world’s largest meat supplier. The increasing shift from on-premise to cloud-based information systems should also make companies prioritize security. Moreover, IT spending by corporates, in general, is likely to pick up from this year, after they scaled back on spending in 2020 due to Covid-19. This should bode well for companies that provide software, hardware, and services that help protect computer systems and networks.

Within our theme, Fortinet
FTNT
 a company that provides cybersecurity-related hardware and software, has been the strongest performer, rising by about 49% year-to-date on account of stronger than expected quarterly results and its pivot to the cloud. On the other side, the stock price for Qualys
QLYS
 a company that provides cloud security, compliance, and related services, remains down by about 18% this year, as its guidance for this fiscal year was weaker than expected.

[5/17/2021]

Our theme of Cyber Security Stocks has declined by about…

Source…

Colonial CEO Defends Hack Response and Offers Lessons Learned

/in


(Bloomberg) — The chief executive officer of the pipeline company hit by a ransomware attack last month apologized to a U.S. Senate panel for the incident that paralyzed the East Coast’s flow of gasoline, diesel and jet fuel, while defending his company’s response and offering tips for future hacking victims.

“We are deeply sorry for the impact that this attack had, but are also heartened by the resilience of our country and of our company,” Colonial Pipeline Co. CEO Joseph Blount Jr. said at Tuesday’s hearing.

Blount’s appearance before the Senate Homeland Security and Governmental Affairs Committee comes as Congress readies its response to the hack, which affected 45% of the East Coast’s fuel supply, driving up gasoline prices and sparking shortages at filling stations after the company shut the roughly 5,500-mile pipeline on May 7.

The senators’ questions for Blount were direct but relatively gentle. Blount was contrite — and sometimes vague — on some details about the company’s cybersecurity protections. When asked about Colonial’s cybersecurity budget, for instance, he said they had spent $200 million on information technology over five years without specifying how much was defending against hacks.

Blount said responding quickly to contain the threat and swiftly communicating with the government were among the most important lessons he learned from the incident.

The hackers, who the FBI said have been linked to a group known as DarkSide operating in Russia, were able to breach the company’s computer system April 29 using a virtual private network — or VPN — account, an encrypted internet connection that allowed employees to remotely access the company’s computer network. Blount testified that the VPN account only had single-factor authentication.

The “legacy” network “was not intended to be in use,” said Blount, who took over as Colonial CEO in 2017. He added that the company is still trying to determine how the hackers gained the needed credentials to exploit it.

Senator Rob Portman, a Republican from Ohio and the ranking member on the committee, called out this failure. “Mr. Blount you’re a victim, and we understand that,”…

Source…

Colonial Pipeline CEO tells Senate decision to pay hackers was made quickly

/in


Colonial Pipeline CEO Joseph Blount said Tuesday that his company paid hackers a $4.4 million ransom a day after discovering malware on its systems in early May. The company also hired outside consultants to handle negotiations with the hackers, who were paid in the bitcoin cryptocurrency.



a close up of a sign: Colonial Pipeline was the target of a ransomware attack that forced it to shut down operations. Jim Watson/Getty Images

© Provided by CNET
Colonial Pipeline was the target of a ransomware attack that forced it to shut down operations. Jim Watson/Getty Images

Blount, who was testifying before the Senate Committee on Homeland Security and Governmental Affairs, said the decision to pay the ransom on May 8 was made by the company itself. Federal authorities, however, were notified of the hack within hours of its discovery. 

Loading...

Load Error

“I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible,” Blount said. “I kept the information closely held because we were concerned about operational safety and security, and we wanted to stay focused on getting the pipeline back up and running.”

The testimony comes a day after the FBI said it had recovered millions of dollars in bitcoin paid to the DarkSide ransomware gang, which attacked the pipeline last month, prompting a shutdown of the East Coast’s main fuel-supply artery. The stoppage led to gasoline hoarding and soaring prices as motorists filled tanks amid uncertainty about supplies.

On Monday, the DOJ said it seized 63.7 bitcoins valued at a total of about $2.3 million, part of the ransom demanded by DarkSide. The criminal enterprise, which has since said it disbanded, is thought to be based in Russia.

The hack promoted the government to issue new cybersecurity regulations for operators of pipelines. The new security directive, issued by the DHS Transportation Security Administration, requires critical pipeline companies to report confirmed and potential cyberattacks to the US Cybersecurity and Infrastructure Security Agency. The directive also requires pipeline companies to undertake a review of their current security practices to identify any risks or gaps. Companies must report results of these reviews to the TSA and CISA within 30 days.

America’s energy crisis: How the…

Source…

DOJ Recovers Most of Colonial Pipeline’s Ransom Payment

/in


Photo: POOL/AFP via Getty Images

Close to a month after Colonial Pipeline paid hackers the equivalent of $4.4 million in order to restore services for their massive gasoline operation, the Department of Justice announced that it had recovered the majority of the ransom payment.

After hackers affiliated with a group known as DarkSide locked Colonial out of their computer system leading to fuel shortages throughout the East coast, the energy firm decided in early May to pay the Russia-based group 75 Bitcoin, the equivalent of $4.4 million at the time. On Monday, the DOJ announced that 63.7 Bitcoin had been seized; while that represents 85 percent of the ransom payment, the value is now at $2.3 million, due to a fall in the cryptocurrency’s price in May.

“By going after the entire ecosystem that fuels ransomware and digital currency, we will continue to use all of our tools and all of our resources to increase the costs and the consequences of ransomware attacks and other cyber-enabled attacks,” Deputy Attorney General Lisa Monaco said at a press conference on Monday, referring to the type of the attack executed against Colonial. The FBI also revealed Monday in an affidavit that they were holding a key to unlock a bitcoin wallet that had most of the funds, although they did not announce exactly how they were able to find the key; Bitcoin transactions are designed to be untraceable. According to Reuters, “the bureau had tracked the bitcoin through multiple wallets, using the public blockchain and tools.”

By announcing that the Department of Justice was going after the “entire ecosystem” of ransomware attacks, Monaco suggested an escalation of the tactics used by the government to stop the hacking that has disrupted many business sectors this year. In April, the DOJ created a Ransomware and Digital Extortion Task Force to mitigate the breaches that have emerged as a national security threat over the past year. In an internal memo launching the initiative, the department will target “the entire criminal ecosystem around ransomware, including…

Source…