It seems to happen about every six months: a massive hack puts millions of consumers and average citizens at risk as cyber thieves look to get their hand on private data. Last week consumer credit company Equifax reported it had been breached and sensitive data from as many as 143 million Americans was potentially exposed. The truly damaging news from this event is that the company apparently had invested in solid security and was still hit.
In a new research report, Stifel analysts point out that the hackers may have exploited Apache Struts, which is an open-source web application framework for developing Java EE web applications. The report said this:
Security researchers disclosed a newly discovered exploit affecting all versions of Apache Struts from 2008 that could grant perpetrators access to mission critical enterprise systems. Interestingly, in order to gain “backdoor” access, a hacker would simply need to enter a string of modified data into a search box or other hosted elements on the site (meaning they would only need a browser to leverage the exploit). While it remains yet unclear whether the hackers leveraged the most recently disclosed vulnerability (CVE-2017-9805), which would’ve made it a zero-day attack, or a vulnerability disclosed in March (CVE-2017-5638), we maintain a high degree of confidence that Apache Struts was the perpetrator’s point of entry.
We screened the Stifel security software universe and found four stocks rated Buy that may benefit from this massive attack going forward.
This company had a red-hot IPO in 2014 and shares are down almost 20% since July but have rallied back off the lows. CyberArk Software Ltd. (NASDAQ: CYBR) claims it is the only security company focused on eliminating the most advanced cyber threats — those that use insider privileges to attack the heart of the enterprise. The company proactively secures against cyber threats before attacks can escalate and do irreparable damage. It is estimated that at least 35% of the Fortune 100 and 17 of the world’s top 20 banks use the software to protect high value information assets, infrastructure and applications.
CyberArk is a pioneer of a new layer of IT security solutions that protect organizations from cyberattackers that have evaded the network perimeter. CyberArk’s solutions secure organization’s critical assets dubbed privileged accounts, which are the keys to databases, industrial control systems, servers and applications, all of which house sensitive data. CyberArk’s software is focused on protecting these accounts, which are highly targeted in cyberattacks to disrupt networks and/or steal sensitive info.
The Stifel price objective for the stock is $55, and the Wall Street consensus target price is $48.72. Shares closed Monday at $42.09.
This stock was on fire a couple of years ago but was absolutely eviscerated after missing earnings numerous times. FireEye Inc. (NASDAQ: FEYE) has been mentioned over the years as a takeover target, and trading 85% below highs that were printed this time three years ago, it may indeed be on the radar.
The company provides cybersecurity solutions for detecting, preventing, analyzing and resolving cyberattacks. The company offers vector-specific appliance solutions that provide threat protection from network to endpoint for inbound and outbound network traffic that may contain sensitive information.