Recent cyber attacks reveal opportunities for ASX investors

News of cyber attacks on Australia have hit the headlines since Friday when Prime Minister Scott Morrison revealed that a "sophisticated state-based actor with significant capabilities" was behind a "malicious" wave of attacks.

While he chose not to name the responsible party, Australian security agencies say China is behind the attacks, with Beijing likely triggered by Australia’s outspoken support of a coronavirus inquiry.

Morrison admitted that the attacks have been ongoing for months, but that their frequency had recently escalated. The theft of intellectual property is believed to be the primary motivation, with all levels of government targeted, along critical Australian infrastructure, including state-owned utilities and hospitals.

While the issue is only now gaining widespread media attention, the Australian Financial Review reports that growing tensions with China have contributed to a 330% increase in cyber attacks on Australia since the start of the year. The hardest hit being defence contractors along with venture capital firms.

The AFR’s Andrew Tillett reports that China’s cyber attacks on Australia “began about 18 months ago when Australia rejected Chinese company Huawei's participation in the rollout of the 5G network”.

However, these latest attacks on Australia are just “the first salvo in new Cold War,” said Terry Roberts in an opinion piece for The Australian on Monday.

Roberts is a US national security and cyber intelligence executive with over 25 years’ experience including leading software assurance and architecture bodies of work for Carnegie Mellon SEI, described”.

Roberts, who a former US naval intelligence deputy head and founder and CEO of cybersecurity firm Whitehawk Ltd (ASX:WHK), says that we shouldn’t believe that the “state-base actor” failed in its attack on Australia.

She says, “it would be extremely naive to assume that the cyber attacks on the nation’s businesses and governments failed, and that “the more hue and cry an attack generates, the more review there should be to ensure it is not a diversionary feint to cover for an entry to a longer-term main objective.”

Roberts added, “There are two probabilities that should never be discounted – one is to gain root control of a network, and/or to conduct long-term reconnaissance on their targets’ architectures, operations, communications and data.”

Barclay Pierce Capital reported these possibilities, highlighting Roberts’ comments:

"In the first possibility the bad guys are now effectively equivalent to your IT administrators. You can think of it in terms that instead of being the helpful folks who ask if you’ve tried turning your laptop off and on again, they are now cloaked forces bent on your future disruption, by mapping your networks, potentially waiting for the right future moment to attack.

“And in the case of critical infrastructure, ‘acting’ could mean launching a comprehensive sequence of criminal attacks.

“In the second possibility – long term reconnaissance – the infiltrators’ totally primo and likely target is an organisation’s personnel files.

“It is here that their counterintelligence people can go to work looking for individual personal vulnerabilities – to find the weakest link who can be bribed, flipped, cajoled, frightened, blackmailed or otherwise suborned. As has been the case with the 2015 attack on the U.S. Office of Personnel Management (OPM)."

Former Prime Minister, Malcolm Turnbull — who has joined the board of cyber protection start-up Kasada and invested $1 million in the venture — also expects the continuation of cyber threats from malicious actors.

Turnball told the AFR, “We are seeing unprecedented scale and rate of compromise, as tactics used by malicious actors become more sophisticated.”

He said that the recent attacks justified his decision as PM to prevent Huawei from supplying equipment to build a 5G network in Australia — a statement that Huawei has since hit back against.

As reported by Fairfax, foreign policy experts from the University of Sydney’s United States Studies Centre say that Australia and the US must strengthen their ability to counter disinformation campaigns.

These experts stress this as an urgent priority in light of China's tactics during COVID-19, which Fairfax in March suggested involved Beijing “seeking to use the crisis to its advantage in a global propaganda push”.

The government is expected to release its new four-year cyber security strategy in the coming months but said it will name the countries involved in a cyber attack only “when it is clear and in our national interest to do so.”

While these attacks are no doubt detrimental to Australia, our government and industries, they do present opportunities for investors.

Since Friday, a number of ASX-listed cybersecurity companies have seen huge volumes of shares traded as the market recognising the growth potential in cyber security.

Canberra-based archTIS (ASX:AR9) has attracted attention since Morrison spoke on Friday morning. Reports of the cyber attack coincided with news that archTIS has secured its first commercial Australian Defence Industry contract with Northrop Grumman.

ArchTIS specialises in the design and development of products, solutions and services for secure information sharing and collaboration.

The firm has over 10 years’ experience delivering secure information and identity management services and solutions within the highest security levels of the Australian Government.

WhiteHawk (ASX:WHK), under the leadership of Terry Roberts, has developed an impressive portfolio of proprietary cybersecurity technologies and services.

WhiteHawk shares have gained 63% to $0.083 since Thursday’s market close. Much of that rally followed the company being named the Next Tech Stock’s pick of the year in a report published on Monday.

Based in Virginia, USA, central to the country’s Defense headquarters at the Pentagon, the WhiteHawk has multiple contracts with US federal government departments, along with leading US financial and insurance institutions.

The company’s is rapidly growing its revenues and has further contracts in the works. We expect this to continue considering the rise is cyber attacks, with the US a considerably larger target of China and other malicious actors than the Australian government.

Further, the US Defense Industrial Base in the process of introducing new cyber security requirements for each of its 300,000+ supply change contractors and vendors, and WhiteHawk has access to this huge market via its existing US Department of Defense contracts.

Tesserent (ASX:TNT) is another cybersecurity provider that has benefited from the attention on the sector — its shares have gained 35% since Thursday.

Tesserent provides full service, enterprise-grade cybersecurity and networking solutions targeted at mid-market customers in Australia, and internationally in the UK and Korea. Its integrated solutions cover identification, protection and monitoring against cybersecurity threats.

The Tesserent group of companies includes Pure Security (Hack Labs, Pure Hacking, Certitiude and Securus Global), Rivium, and North Consulting.

Just over a week ago, North was appointment to the Defence Industry Security Program (DISP) — a mandatory accreditation required by firms wishing to gain access to Australian Defence security services.

Perth’s Vortiv Ltd (ASX:VOR) is a technology-based company focused on cybersecurity and cloud infrastructure and security and another strong recent performer in the sector.

The company has 100% ownership of Decipher Works, a Sydney-based cybersecurity specialist that provides consulting and managed services to financial institutions and large corporations.

It also owns 100% of Cloudten Industries, a cloud and cloud security specialist that assists the government, financial institutions and large corporations migrate, secure and manage their infrastructure in the cloud.

Additionally, the company has a 24.89% interest in TSI India, which has created a scalable operation in the field of e-transactions and payments in India. TSI India owns and manages ATMs for over 30 major banks and offers Bill Payment services to utility companies in India.