Shares of FireEye (FEYE) are on the rise as Goldman Sachs analyst Brian Essex says it could be a direct beneficiary of the ransomware cyberattack that forced Colonial Pipeline to shut a critical fuel network supplying populous eastern states. According to media reports, the cybersecurity company was brought in to respond to the attack, which the analyst sees as supporting "the company's reputation as a best of breed incident response vendor."
CYBERATTACK: Colonial Pipeline has been forced to shut its entire network, the source of about half of the U.S. East Coast's fuel supply, following a ransomware cyberattack on Friday. According to several media reports, a hacker gang called DarkSide is responsible for the attack. Cybereason says DarkSide is an organized group of hackers set up along the “ransomware as a service” business model, meaning the DarkSide hackers develop and market ransomware hacking tools, and sell them to other criminals who then carry out attacks.
"On May 7, Colonial Pipeline Company learned it was the victim of a cybersecurity attack and has since determined that the incident involved ransomware. Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring. Leading, third-party cybersecurity experts were also immediately engaged after discovering the issue and launched an investigation into the nature and scope of this incident," Colonial Pipeline has explained.
Reuters' Laila Kearney reported over the weekend that U.S. government officials were working closely with Colonial to help it recover from the ransomware cyberattack and that cybersecurity company FireEye had also been brought in to respond to the attack.
On Monday, Colonial Pipeline said in a statement that it "continues to dedicate vast resources to restoring pipeline operations quickly and safely. Segments of our pipeline are being brought back online in a stepwise fashion, in compliance with relevant federal regulations and in close consultation with the Department of Energy, which is leading and coordinating the Federal Government’s response. Restoring our network to normal operations is a process that requires the diligent remediation of our systems, and this takes time. In response to the cybersecurity attack on our system, we proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems. To restore service, we must work to ensure that each of these systems can be brought back online safely."
"Actions taken by the Federal Government to issue a temporary hours of service exemption for motor carriers and drivers transporting refined products across Colonial’s footprint should help alleviate local supply disruptions and we thank our government partners for their assistance in resolving this matter," it added.
FIREEYE COULD BE DIRECT BENEFICIARY: In a research note following the ransomware cyberattack news, Goldman Sachs analyst Brian Essex argued that FireEye reportedly being retained by Colonial supports the cybersecurity company's "reputation as a best of breed incident response vendor." Further, Essex believes events like this could lead to potential demand for the company's "high margin" incident response business and also "provide a halo effect" for the rest of FireEye's platform. While the analyst expects the company to benefit "directly" from the event, he also sees "potential indirect support" for names such as Crowdstrike (CRWD), Palo Alto Networks (PANW) and Tenable (TENB) as news that the largest pipeline in the U.S. was shut down due to a ransomware attack could support greater awareness of risks to Operational Technology systems and the risk these systems pose within the U.S. national energy infrastructure. Goldman has Buy ratings on all four of the cybersecurity stocks mentioned.
Essex also pointed out that while the Colonial Pipeline attack targeted a high profile U.S. infrastructure asset, he would not expect a response of the same magnitude seen across his coverage after the SolarWinds (SWI) breach was disclosed as that attack had the opportunity to impact a much larger universe of enterprises and government agencies. Additionally, as he heard from management teams after the SolarWinds attack, the analyst believes that most security software vendors will likely benefit from greater long-term demand and growth, as opposed to a near-term acceleration in demand.
PRICE ACTION: In afternoon trading, shares of FireEye have gained about 2% to $19.66.
Changed symbol to MDNT
+0.36 (+1.86%)
Crowdstrike
-0.89 (-0.47%)
Palo Alto Networks
+1.025 (+0.30%)
Tenable Holdings
+0.29 (+0.78%)
SolarWinds
-0.22 (-1.31%)