Duqu: Another Reason to Invest in Cyber Security

by Justin Dove

by Justin Dove, Investment U Research

Wednesday, October 26, 2011

As the war in Iraq finally draws to an end, there may be another war looming in an unconventional battlefield.

A newly discovered piece of Trojan malware, simply called Duqu, brings the possibility of sophisticated cyber warfare one step closer…

And this new super-Trojan could lead to expanded enterprise and government spending on cyber security.

A Precursor to a Stuxnet-Like Bug

Duqu is said to bear striking similarities to Stuxnet, the infamous malware that sabotaged Iran's nuclear enrichment centrifuges last June, and may be a precursor to a similar program. According to a Forbes report, "Roughly 99% of the Duqu software rules are the same as Stuxnet's. The source codes and keys for encryption are the same, only Duqu is more sophisticated."

"This is definitely a troubling development on a number of levels," Ronald Deibert, Director of Citizen Lab, told Technology Review. "In the context of the militarization of cyberspace, policymakers around the world should be concerned."

While Stuxnet was used to effectively control computer systems in Iran last year, Duqu is said to be more of a spying virus. According to a report published last Thursday by Symantec (Nasdaq: SYMC), "The attackers [which utilized Duqu] were searching for information assets that could be used in a future attack."

The code is said to be able to monitor messages and processes. It can also unlock other information, including the design of supervisory control and data acquisition (SCADA) systems. SCADA systems are the types of systems used at industrial plants and power plants to centrally control functions.

Government Backing?

According to Technology Review, Stuxnet "went far beyond shutting down or disrupting operations." After infecting the systems, it damaged the centrifuges so that uranium could not be separated into yellowcake. In what Technology Review dubbed "a Hollywood touch," Stuxnet was able to display normal information on the system's interface so that the operators wouldn't notice anything was up.

Even more troubling is the likelihood that these bugs have been developed and implemented by government agencies. Back in January, The New York Times postulated that Stuxnet "was designed as an American-Israeli project to sabotage the Iranian program."

According to the Forbes report, "While no one government came forward to claim responsibility for Stuxnet, those on the front lines of IT security say that with 100 percent certainty it was a government agency that created it, like cryptologists at the National Security Agency of the U.S. or a similar organization in Israel and the U.K."

No Connection Found Between Targets

It appears that Duqu is more of a testing program. While Stuxnet had a clear target and objective, Duqu seems to be spread all over the globe with no clearly defined targets.

Kaspersky Lab Malware Expert Sergey Golovanov told Forbes there were no commonalities between the victims, and that the victims were cast across the globe. At least one university and multiple companies were infected by Duqu.

According to the Symantec report, "The threat has been highly targeted toward a limited number of organizations for their specific assets."

While there aren't any clues that point to what assets were targeted, the important thing is that not only governments are being attacked, but enterprises. Duqu and subsequent threats are likely to spread a wave of paranoia that leads to increased spending on cyber security.

Companies to Benefit

The most obvious company standing to benefit is Symantec, which created the detailed report on Duqu. It's an industry leader in IT security in the personal and enterprise arena.

Other possible plays include:

  • The KEYW Corporation (Nasdaq: KEYW) is a small-cap company providing "mission-critical" cyber security for U.S. government defense and intelligence agencies. Its stock is still about half of its 52-week high after the recent sell-offs in the broad market.

  • Iron Mountain Inc. (NYSE: IRM) is a diversified play that's unaffected by recent market fluctuations. Among many services, Iron Mountain provides data storage and recovery services. If a large company is in fear of having its database or system infected or wiped out, it may want to find services, such as Iron Mountain's, to keep information safe.

  • SAIC, Inc. (NYSE: SAI) is another diversified play that offers cyber security services to government agencies and large enterprises, among many other services. It was battered by the market over the last few months; however, it recently announced a big partnership with McAfee and has a very attractive P/E at 7.50.

As these threats become more sophisticated and more frequent, look for governments and large enterprises to continue to spend big on cyber security to secure systems and data. Investors should look at companies that offer these types of services, as growth should continue in the sector for some time.

Good investing,

Justin Dove
