A shadowy criminal gang from overseas pulled off a brazen cyber-hijacking of half the East Coast’s gasoline supply. Nope, this isn’t that James Bond movie that keeps getting pushed; it’s the latest ransomware hack, and it’s on CNN right now.
Around 100 million gallons of gasoline flow from Houston to New York via the Colonial every day. That’s around 45% of the East Coast’s fuel intake, and since the “DarkSide” attack hit last Friday, it’s been cut off.
Every so often, we get a bulletin saying Colonial is “working to get systems back online,” and Energy Secretary Jennifer Granholm is urging drivers not to hoard, but every hour the pipeline is shut adds to an unfolding supply crunch in the Carolinas, Georgia, Tennessee, and parts of Florida and Virginia. GasBuddy reports 30% of filling stations in Atlanta are dry, same as 31% of gas stations in Raleigh, North Carolina.
Unleaded gas prices are hitting $2.99 a gallon, on average, nationwide, which is a level we haven’t seen here since late 2014.
So, what’s the profit play here? Energy? Oil and gas? There isa supply crunch, not to mention the recovery underway. But… you’d have to be way fast on the trigger, and it would help if your brokerage handed out Magic 8-Balls with new accounts. My proprietary S.C.A.N. algorithm is telling me most of the energy-sector profits on this hack were in the bank by Saturday morning. The energy trade is a very crowded trade right now.
No, the serious profit potential the Colonial hack is generating is right here, where not very many people are looking right now…
The Hack Impact Will Linger Long After the Gas Starts Flowing
A huge chunk of the media bandwidth spent on the Colonial hack is going toward the supply crunch, and for now – as in, this week – it’s a big deal.
But there are enough Ph.D.s working the situation that I tend to believe Colonial when it says it should have operations substantially restored by the end of the week, and it’s already got the pipeline running between Maryland and North Carolina. Expert professionals who are completely determined and laser-focused on solving huge, urgent problems usually win – just look at the coronavirus vaccines.
The long-term impact is on cybersecurity, and the way I see it, that’s where the real profit potential is.
A criminal gang we know pretty much zero about just pulled a cyber-Pearl Harbor, and it’s impacting lives and bottom lines. Senator Rob Portman (R-OH) told a Senate hearing Tuesday that the Colonial attack “is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” and in this case, he’s not being dramatic.
The Colonial hack is just one of hundreds of thousands of cyber-attacks that we know of; we’re still dealing with the fallout from the SolarWinds hack of dozens of private- and government-sector organizations.
Entire cities – San Francisco, Baltimore, New Orleans – have had operations disrupted through ransomware attacks of one kind or another. Hospital systems, school systems, police departments – you name it, criminal hackers have probably hit it. Acer Inc., a big Taiwanese electronics company, was recently hit with a ransomware demand for $50 million – a world record, unfortunately.
I can’t list all the hacks, so I won’t.
For a few years now, governments have at least taken the cyber-threat seriously. But I do get the sense that governments are going to view the DarkSide attack as a kind of wakeup call to really ratchet up spending and national efforts on cybersecurity. This hack is certainly having a huge economic and social impact right now.
And as it happens, cybersecurity is “hot” right now, despite the drop in the ETFMG Prime Cybersecurity ETF (NYSEArca: HACK). In fact, you could argue it’s so hot that it’s become saturated; it continually attracts founders, investors, all kinds of capital.
That’s a double-edged sword: The sector is flush with cash and deals for takeovers, but that saturation makes the job of picking stocks to own and trade that much harder.
Here’s the Best Cybersecurity Play Right Now
That’s why I like FireEye Inc. (NASDAQ: FEYE). The California-based cybersecurity firm, which specializes in threat detection, software, and hardware security solutions is actually helping out in the Colonial Pipeline incident.
This isn’t its first rodeo; it’s assisted in mitigating hacks against Target, JPMorgan Chase, Anthem Healthcare, and Sony Pictures – quite a few high-profile attacks, even if the stakes haven’t been as high. A lot of that experience is down to its acquisition of Mandiant – a world-class “incident response” operation that famously directly accused China of cyber-spying.
One thing we don’t know about FireEye, by design, I’d say, is exactly how many incidents it’s prevented over the years.
This company has put up good numbers over recent quarters – business is booming, after all. Fourth-quarter 2020 revenue was up a modest but sustainable 5%, while annualized recurring revenue was up 8%. Gross margin – the generally accepted accounting principles (GAAP) gross margin – was 65%.
And it hasn’t really let up on the acquisitions; they’ve been frequent and smart. In late 2020, it bought Respond Software, for instance.
Now, FireEye popped around 5% after its involvement with the Colonial hack response went public. But I think that upside is just a taste of what could be coming around the corner.
Cybersecurity is a hotbed of deal-making, and there were persistent rumors that Cisco Systems Inc. (NASDAQ: CSCO) was preparing to buy FireEye. That hasn’t happened yet, and it may not, but FireEye makes an extremely attractive takeover target for some of the big-cap cybersecurity firms out there. I think the performance of the company, at face value, is worth buying, but the better-than-average likelihood that FireEye will find itself a buyer shouldn’t be ignored, either.
— Andrew Keene
Source: Money Morning