A Rise in Ransomware Cyberattacks Threatens Organizations and Leads to National Security Concerns; the Industry Is Adapting Fast and Leaders Are Emerging

All Blue Capital
Nov 29, 2021

Cybersecurity

Cybersecurity has become an essential industry. Its premise is to protect all categories of data from unauthorized access, interference and theft. Sensitive data that requires cybersecurity protection includes such things as personal and medical information, trade secrets and intellectual property. Broadly speaking, any data with potential value that is stored on a server, a cloud or connected to the internet through IT infrastructure is susceptible to being illegally accessed and compromised.

Without cybersecurity services, any individual or organization is vulnerable to data breaches and cybercriminals. Driven by ever increasing global connectivity and the use of cloud services, the risks involved in storing sensitive data are constantly increasing. In recent years, widespread misconfiguration of these services (e.g. storage exposed to the public on Amazon Web Services, over-shared folders on Microsoft’s OneDrive, and every organization’s own internal cloud or servers) has led to a surge in cyberattacks and data breaches.

Capitalizing on these weaknesses in an increasingly interconnected society, global cybercrime and ransomware “gangs” are on the rise. Ransomware in particular (malware that encrypts a victim’s data, or locks the victim out of its systems, until a ransom is paid, typically in cryptocurrency) is fueling a global cybercrime spree, relentlessly targeting infrastructure operators, public organizations and businesses. Many groups now also steal data before encrypting it and threaten to publish it if the ransom is not paid, so even victims with good backups remain exposed. The consequences of these crimes for governments and organizations range from the theft of clients’ personal information to the paralysis of whole industries, potentially affecting the prices of commodities on global markets or preventing essential service providers from operating. These attacks also pose an inherent threat to national security. With infamous names like REvil, Conti, DarkSide, CLOP or Egregor, ransomware criminal organizations are evolving into a professional industry. According to Chainalysis, a cryptocurrency research firm, the total amount of ransoms paid by victims in 2020 grew 311% to $350 million. These cybercriminal organizations build and operate the malware responsible for the attacks. Some of them use the malware to attack victims directly, while others, borrowing the name from the booming SaaS industry, provide Ransomware-as-a-Service (RaaS): they maintain the malware and payment infrastructure, and affiliates who carry out the intrusions share the ransom with them.

Most of these attacks are believed to originate from groups in Russia or China, but the nature of the criminal operations makes attribution difficult. Experts suspect that some form of tolerance, or cooperation, by the local authorities could be involved, which may explain why the reach of these operations now raises national security concerns. In August 2021, at a White House summit with the country’s top executives from major technology, financial and energy companies, U.S. President Joe Biden declared cybersecurity to be the “core national security challenge”. On October 8, U.S. and E.U. authorities coordinated a crackdown on REvil, a Russia-linked criminal group responsible for ransomware attacks that had crippled businesses and critical infrastructure. The U.S. Justice Department recently announced the arrest of a Ukrainian national charged with carrying out the ransomware attack on Kaseya, discussed below. Just before that, European authorities arrested two people in connection with REvil.

To further illustrate the growing problem of cyberattacks and ransomware we can look at PAX, the most recent case, and one in which a technology provider itself is alleged to have acted in concert with hackers to collect large amounts of personal information. On October 26, 2021, the FBI raided the Florida offices of China-based PAX Technology, a Point-of-Sale (POS) terminal provider, over allegations that its devices facilitated cyberattacks on firms in the U.S. and the E.U. The company’s terminals process millions of transactions in stores worldwide; it has supplied over 57 million terminals in 120 countries. Its POS devices are alleged to have been used as a staging point for malware and as a “command and control” channel, allowing attacks to be deployed and data to be stolen. The matter is still under investigation; according to reports, PAX failed to give “satisfactory answers” when asked about unusual network traffic coming from its terminals. POS terminals are, in any case, a long-standing target of cybercrime: they are hijacked to steal payment card data and credentials and to distribute malware. Before the federal investigation began, two major payment processors, one in the U.K. and the other in the U.S., cited these irregularities and started pulling PAX terminals out of their payment infrastructure.

Besides targeting individual companies and users, or allegedly collaborating with them as in the PAX case, hackers are also adapting to attack Managed Service Providers (MSPs). The logic is that while an MSP is harder to compromise, a successful attack yields far more victims at once. The attack on Kaseya, a U.S.-based IT solutions provider, on July 2, 2021, is a good example. The ransomware attack, which the cybersecurity firm Huntress attributed to the notorious Russia-linked group REvil, hit over 1,000 companies and forced Swedish grocery chain Coop to close hundreds of stores. In one of the largest ransomware supply-chain attacks to date, the criminal group exploited a vulnerability in Kaseya’s VSA remote-management software and used it to push ransomware to the service providers running VSA and on to their clients. Coop was one of those downstream clients: the IT provider that managed its systems used Kaseya’s software, and Coop had to close about 800 stores after its cash registers and self-checkouts stopped responding. The U.S. president commented: “The initial thinking was it was not the Russian government, but we’re not sure yet”. This incident, in which hackers weaponized an IT supply chain to reach victims at scale, followed the previous year’s SolarWinds compromise, in which attackers (attributed by the U.S. government to Russia’s foreign intelligence service, not to REvil) trojanized SolarWinds’ Orion software to penetrate the networks of U.S. federal agencies and companies.

Sometimes these attacks can cripple whole industries, as was recently the case with JBS and meat buyers in the U.S. On June 2, 2021, Brazil-based meatpacker JBS, the world’s largest meat company by sales, which processes roughly one-fifth of the U.S. meat supply, fell victim to a ransomware attack. All of its U.S. beef plants and part of its pork processing went offline, raising pressure on meat suppliers and leading buyers to panic. Attributed to REvil, the attack added to the strain on a food supply chain already constrained by labor shortages and rising production and transportation costs. Unable to relieve the mounting pressure in the meat supply chain, JBS agreed to pay an $11 million ransom to regain full control of its IT systems. The episode shows how costly underinvesting in cybersecurity can be.

Cyberattacks can also affect daily life, as illustrated by the attack on Georgia-based fuel supplier Colonial Pipeline Company. On May 7, 2021, a ransomware attack by the DarkSide group on Colonial, whose pipeline system carries gasoline, diesel and jet fuel from Texas to the Southeastern and Northeastern U.S. and supplies roughly 45% of the fuel consumed on the East Coast, led the company to halt all pipeline operations to contain the threat. Colonial paid a $4.4 million ransom within hours of the attack. However, the decryption tool it received in return was slow, and restoring its computer network still took days; pipeline operations only resumed on May 12. In the meantime, motorists queued at gas stations, fuel prices jumped and the federal government issued a regional emergency declaration to ease the transport of fuel by road.

Hospitals, municipal governments, transport infrastructure and schools: nearly every essential sector has suffered major disruptions from cyberattacks in the past year. Industry experts and governments agree that, if not properly addressed, these attacks are likely a warning of worse to come. It has become evident that while other tech sectors are primarily driven by increasing productivity and reducing inefficiencies, the cybersecurity sector is driven by the rise in cybercrime. The unprecedented frequency and magnitude of cyberattacks is fueling a need for solutions and generating a surge in cybersecurity spending by organizations and governments.

Additionally, since the start of the Covid-19 crisis, few corporate functions have been forced to shift their priorities and budgets as dramatically as corporate cybersecurity operations and the technology providers that support them. As employees switched to remote work in large numbers and online shopping became the norm, organizations became even more exposed to cyberattacks. According to a 2021 survey of IT professionals by Statista, all major types of cyberattacks increased since the start of the pandemic, with a reported 44% increase in account takeovers, 51% in phishing attacks and 55% in leakage and data exfiltration. The Romanian cybersecurity firm Bitdefender reported that global ransomware attacks increased by 485% in 2020 compared with the previous year.

On the cybersecurity firms’ side, these trends are amplifying demand in an already thriving industry. The need for cybersecurity is becoming omnipresent and the global cybersecurity market is continuing its stratospheric growth. From a mere $3.5 billion in 2004, it grew to an estimated $156 billion in 2020, a roughly 45x increase in 16 years. The market is projected to reach $352 billion by 2026, a CAGR of 14.5%.

Keeping up with the pace of cyber criminal organizations is what drives the industry and allows leaders to emerge. Successful firms must constantly rewrite the rules on how organizations protect themselves against rapidly evolving adversaries. They need to be faster and smarter than cybercriminals, understanding and predicting their next move and the attack landscape.

Leading providers have to be on the front lines of threat detection and remediation. Dealing with attacks can be seen as a three-stage approach: prevention, detection and response, and post-incident analysis of the threat. Companies at the forefront of the industry demonstrate strong capabilities in integrating AI with cybersecurity, coping with the attack surface added by IoT and 5G, dealing with targeted ransomware and state-sponsored cyber warfare, and mitigating insider threats and human error.

While the industry is in perpetual motion, with new leaders emerging and constantly adapting to the latest inventions in cybercrime, we believe few players are better equipped to respond to these evolving threats than Cybereason. Cybereason’s approach is simple: to succeed in cybersecurity, hire hackers, not security guards. Its mission is: “Reverse the adversary advantage by empowering defenders with ingenuity and technology to stop cyber threats”.

Boston-based Cybereason has its roots in Unit 8200, the signals-intelligence unit of the Israel Defense Forces’ Intelligence Corps, where three cybersecurity experts, Lior Div, Yossi Naar and Yonatan Striem-Amit, decided to pool their respective knowledge to counter the rise of hackers. Lior Div, the company’s CEO and co-founder, served as a commander in this unit and received a Medal of Honor. He is an expert in hacking operations, reverse engineering, forensics and cryptography. Yossi Naar, Cybereason’s Chief Visionary Officer and co-founder, has 20 years of experience designing security platforms for the defense industry and is the architect of Cybereason’s Deep Hunting engine, an in-memory graph analytics engine. The company’s CTO and third co-founder, Yonatan Striem-Amit, is a visualization technology expert who has provided machine learning and big data analytics solutions to elite military units and government agencies. With a team of such pedigree, Cybereason starts at an advantage, but it now has to demonstrate that it can grow over the long term, which we believe it will.

The problem in mounting a sound response is that even the most talented team of analysts typically struggles to assemble a complete attack story quickly once a threat is detected: an alert on one machine says little about where the intrusion started, what else it touched and where it is heading. Cybereason has been able to simplify this process. Its software identifies when an organization is under attack, reports on the impact and stops the threat. The platform starts from a single suspicious component of an attack (a process, a file hash, a network connection) and connects it with the related telemetry collected from other endpoints to reveal the entire campaign, before shutting it down.

Since Cybereason’s inception in 2012, the company’s technology has stopped some of the world’s most vicious threats. While the company does not disclose details of the attacks it prevented or mitigated (for evident security reasons), its high-profile cases include global freight and logistics providers, an international food processing company, some of the world’s largest banks and a major Japanese mobile operator. Of what the company does disclose, Cybereason claims its technology helped protect customers during the recent SolarWinds supply-chain incident and against ransomware attacks launched by the DarkSide, REvil and Conti groups. Despite an impressive track record and industry acclaim, with major clients such as S&P Global and SCM Insurance Services using Cybereason as their baseline protection against ransomware, the company has much greater ambitions.

Cybereason began as an Endpoint Detection and Response (EDR) provider. EDR combines continuous monitoring and collection of endpoint telemetry (process, file and network activity) with detection logic and automated response actions such as isolating a host or killing a process. From there the company has kept growing with an ambitious objective that became its motto: to protect it all. Its technology expanded from protecting traditional endpoints such as workstations and servers to covering wearables, cars and IoT devices. Simply put, the company aims to address the cybersecurity needs of anything that has a processor and is connected to the internet.
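The correlation idea described above (start from one suspicious component, then follow its relationships through the telemetry an EDR sensor collects until the whole campaign is visible) can be illustrated with a small graph walk. The following Python is an added example written for this article; it is not Cybereason’s code and uses none of its data or APIs. The event schema, host names, hashes, addresses and the seed detection are all constructed for the example.

```python
"""Rebuild an 'attack story' from one detection by walking a telemetry graph.

Added illustration for this article, not Cybereason's code. The event
schema, hosts, hashes and addresses below are constructed for the example.
"""
from collections import defaultdict, deque

# Constructed EDR telemetry: process starts and outbound connections as a
# sensor on each host would report them (RFC 5737 addresses, fake hashes).
EVENTS = [
    {"type": "process", "host": "ws-01", "pid": 100, "ppid": 1, "image": "outlook.exe", "sha256": "aaa1"},
    {"type": "process", "host": "ws-01", "pid": 210, "ppid": 100, "image": "winword.exe", "sha256": "bbb2"},
    {"type": "process", "host": "ws-01", "pid": 333, "ppid": 210, "image": "powershell.exe", "sha256": "ccc3"},
    {"type": "network", "host": "ws-01", "pid": 333, "dst": "203.0.113.7:443"},
    {"type": "process", "host": "ws-01", "pid": 444, "ppid": 333, "image": "updater.exe", "sha256": "deadbeef"},
    {"type": "process", "host": "srv-02", "pid": 77, "ppid": 1, "image": "services.exe", "sha256": "ddd4"},
    {"type": "process", "host": "srv-02", "pid": 90, "ppid": 77, "image": "updater.exe", "sha256": "deadbeef"},
    {"type": "network", "host": "srv-02", "pid": 90, "dst": "203.0.113.7:443"},
    # Unrelated benign activity that must stay out of the story.
    {"type": "process", "host": "ws-03", "pid": 55, "ppid": 1, "image": "chrome.exe", "sha256": "eee5"},
    {"type": "network", "host": "ws-03", "pid": 55, "dst": "198.51.100.9:443"},
]

# Assumed starting point: the antivirus layer flagged a single file hash.
SEED = "sha256:deadbeef"


def _proc(host, pid):
    return f"proc:{host}:{pid}"


def build_graph(events):
    """Undirected graph: a process is linked to its parent (if the parent was
    observed), to the hash of its image and to every destination it contacted."""
    adj = defaultdict(set)
    meta = {}  # process node -> its process event
    observed = {(e["host"], e["pid"]) for e in events if e["type"] == "process"}

    def link(a, b):
        adj[a].add(b)
        adj[b].add(a)

    for e in events:
        node = _proc(e["host"], e["pid"])
        if e["type"] == "process":
            meta[node] = e
            if (e["host"], e["ppid"]) in observed:
                link(node, _proc(e["host"], e["ppid"]))
            link(node, "sha256:" + e["sha256"])
        elif e["type"] == "network":
            link(node, "dst:" + e["dst"])
    return adj, meta


def expand(adj, seed, max_degree=25):
    """Breadth-first walk from the seed. Nodes with more than max_degree
    neighbours are kept but not expanded: the hash of a common system binary
    or a CDN address would otherwise merge unrelated activity into one giant
    'campaign'. The seed itself is always expanded."""
    seen, queue = {seed}, deque([seed])
    while queue:
        n = queue.popleft()
        if n != seed and len(adj[n]) > max_degree:
            continue
        for m in adj[n]:
            if m not in seen:
                seen.add(m)
                queue.append(m)
    return seen


def attack_story(events, seed, max_degree=25):
    """Return hosts, command-and-control destinations and per-host process
    chains (entry point first) reachable from the seed, or None if unseen."""
    adj, meta = build_graph(events)
    if seed not in adj:
        return None
    comp = expand(adj, seed, max_degree)
    procs = {n for n in comp if n in meta}
    hosts = sorted({meta[n]["host"] for n in procs})
    c2 = sorted(n[len("dst:"):] for n in comp if n.startswith("dst:"))

    def parent(n):
        return _proc(meta[n]["host"], meta[n]["ppid"])

    has_child = {parent(n) for n in procs if parent(n) in procs}
    chains = defaultdict(list)
    for leaf in procs - has_child:  # walk from each leaf up to the entry point
        chain, cur = [], leaf
        while cur in procs:
            chain.append(meta[cur]["image"])
            cur = parent(cur)
        chains[meta[leaf]["host"]].append(" > ".join(reversed(chain)))
    return {"hosts": hosts, "c2": c2, "chains": {h: sorted(v) for h, v in chains.items()}}


if __name__ == "__main__":
    story = attack_story(EVENTS, SEED)
    for host in story["hosts"]:
        print(host, "|", "; ".join(story["chains"][host]))
    print("C2:", ", ".join(story["c2"]))
```

Starting from one flagged hash, the walk pulls in the phishing chain on the workstation (mail client, document, PowerShell, dropped binary), the shared command-and-control address, and the same binary launched as a service on the server, while the unrelated browsing on the third host stays out. The degree cap is the practical guard: without it, the hash of a ubiquitous binary or a shared cloud address links every host in the estate into a single meaningless story. Production systems refine this further by weighting edges by time and prevalence, but the pivot-and-expand shape is the same.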

In less than a decade, from a humble yet promising debut, Cybereason has overtaken many of its competitors and, by its own account, built one of the world’s most powerful cybersecurity analytics platforms, leading the market in the quantity and depth of data analyzed. Its flagship product, the Cybereason Defense Platform, has become a reference in EDR, NGAV (next-generation antivirus, which relies on behavioral and machine-learning detection where signature-based antivirus falls short), threat hunting (proactively searching for intrusions that automated detection has missed) and security analytics.

Cybereason is still a private company, but investors have been pouring money into it since its inception. According to Crunchbase, Cybereason has raised $713.6 million in funding over 8 rounds; the latest, an extension of its July 2021 series F round, took place on October 19, 2021 and raised an additional $50 million. The company did not state at what valuation it raised its series F rounds, but estimates put it north of $3 billion. The company is following in the footsteps of another cybersecurity giant, SentinelOne, which raised a $100 million series F in November 2020 at a $2.7 billion valuation and now trades on the NYSE under the ticker “S” with a market capitalization of $19.4 billion. For Cybereason, the July 2021 series F round secured $275 million in funding, led by Liberty Strategic Capital, with additional investors including SoftBank, CRV, Spark Capital and Lockheed Martin.

The July 2021 series F round also brought additional credibility and recognition. Steven Mnuchin, the former Treasury Secretary who now runs the private equity fund Liberty Strategic Capital, announced on CNBC that he was investing in Cybereason in the hope of strengthening the crackdown on ransomware attacks: “It’s best-in-class technology, it’s got a global footprint, and it’s got a great management team.” Mr. Mnuchin’s government connections, as well as his repeated calls for companies to obtain a license from the Treasury before paying ransoms, give Cybereason strong backing both in name recognition and in its ability to capitalize on recent regulatory developments around ransomware payments. His arrival as an investor has brought the company closer to the inner circle of government decision-making.

Following the recent funding rounds, Lior Div said: “(…) the executive order on cybersecurity put out by the Biden administration recommends that endpoint detection and response solutions be deployed on all endpoints. This accelerates the importance of solutions like ours in the public market”, adding that the financing will be used to fuel “hypergrowth driven by strong market demand”. In 2020, at the height of the pandemic, Cybereason reported $120 million in annual recurring revenue, largely driven by its AI-powered platform. The series F round and its extension are rumored to be the company’s last before going public. Worth noting is that management appears very confident in its long-term success, having reportedly turned down a $1.5 billion exit two years ago; the company is now raising at more than double that valuation.

With cyberattacks becoming so common and starting to affect daily life, the role of cybersecurity takes on a different meaning: it is now an essential service. Faster networks and cheaper computing also give cybercriminals the means to automate their attacks. Breaches are damaging businesses: 540 million Facebook user records were found exposed by third-party app developers on unsecured Amazon cloud storage; Equifax (a global credit reporting agency) incurred $439 million in costs to recover from a breach affecting 147 million people; Yahoo’s breaches affected 3 billion accounts and cut the price of its sale to Verizon by about $350 million; and public health services such as the U.K.’s NHS were crippled by the WannaCry ransomware in 2017.

Public awareness of the issues caused by the lack of an adequate cybersecurity response is only starting to rise. Even corporations and governments have only recently realized the magnitude of the problem, leading them to reassess their priorities, reallocate their budgets and invest heavily in the prevention and detection of cyber threats. In light of this, we believe cybersecurity is one of the few industries likely to see tremendous growth sustained by booming demand in the near future. Companies like Cybereason, positioned at the forefront of the industry, are likely to experience constantly increasing demand for their services. We see cybersecurity as an industry that will continue to attract investment, which promotes the constant innovation needed to stay ahead of the curve. Technologies supporting cybersecurity are likely to become a main priority as governments’ concerns over national security grow, providing strong tailwinds for the companies positioned at the forefront of this industry.
