New Revelations Suggest Russian Hack Of US Agencies 'Very Possibly The Worst Ever'

The successful cyberattack on the U.S. Treasury, U.S. Commerce Department and a handful of major U.S. companies reported earlier this week may be far worse than initially feared.

What Happened? On Monday, Microsoft Corporation MSFT and cybersecurity company FireEye Inc FEYE said hackers breached software provider SolarWinds Corp SWI and then deployed malware to infect networks of other companies and government agencies.

"The hack compromised federal agencies and 'critical infrastructure' in a sophisticated attack that was hard to detect and will be difficult to undo, the Cybersecurity and Infrastructure Security Agency said in an unusual warning message," The Associated Press reports.

On Thursday, Microsoft said it found malicious software in its system and certain Microsoft Azure cloud services systems may have been compromised.

“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed,” a Microsoft spokesperson said on Thursday.

A Russian government hacker group known as APT29 or Cozy Bear was reportedly responsible for the attack.

Why It’s Important: Wedbush analyst Daniel Ives said headlines about the attack have gotten worse throughout the week.

“To put it bluntly, based on all the initial data and speaking with our Beltway contacts today we believe this cyber attack will likely rank as one of the worst (very possibly the worst ever) in the last decade given the targeted and cyber espionage nature of this attack,” Ives wrote in a note.

Ives said this attack could not have come at a worse time given the U.S. government is likely dealing with unprecedented levels of online vulnerability this year. Most government agencies are having employees work from home due to the pandemic, and those employees are accessing sensitive applications and data remotely from “ubiquitous endpoints.”

The good news for investors is that the breach highlights the critical nature of services from cybersecurity stocks like FireEye, Zscaler Inc ZS, Crowdstrike Holdings Inc CRWD and Cyberark Software Ltd CYBR.

Ives estimates these companies will be among those competing to capitalize on a $200 billion growth opportunity in cloud security over the next five years.

Benzinga’s Take: As bad as the public headlines about the government breach have been, there’s a good chance the public isn’t getting the full story on exactly what happened with the attack and what the long-term fallout could be. The FBI and other government intelligence agencies are giving Congress a classified briefing on the incident on Friday.

Posted In: Daniel IvesWedbushAnalyst ColorGovernmentNewsTop StoriesAnalyst RatingsTech

Ad Disclosure: The rate information is obtained by Bankrate from the listed institutions. Bankrate cannot guaranty the accuracy or availability of any rates shown above. Institutions may have different rates on their own websites than those posted on Bankrate.com. The listings that appear on this page are from companies from which this website receives compensation, which may impact how, where, and in what order products appear. This table does not include all companies or all available products.

All rates are subject to change without notice and may vary depending on location. These quotes are from banks, thrifts, and credit unions, some of whom have paid for a link to their own Web site where you can find additional information. Those with a paid link are our Advertisers. Those without a paid link are listings we obtain to improve the consumer shopping experience and are not Advertisers. To receive the Bankrate.com rate from an Advertiser, please identify yourself as a Bankrate customer. Bank and thrift deposits are insured by the Federal Deposit Insurance Corp. Credit union deposits are insured by the National Credit Union Administration.

Consumer Satisfaction: Bankrate attempts to verify the accuracy and availability of its Advertisers' terms through its quality assurance process and requires Advertisers to agree to our Terms and Conditions and to adhere to our Quality Control Program. If you believe that you have received an inaccurate quote or are otherwise not satisfied with the services provided to you by the institution you choose, please click here.

Rate collection and criteria: Click here for more information on rate collection and criteria.