The InfoSec Landscape Is Changing, And No One Is Safe

Includes: CARB, PANW, STX, WDC
by: TickerTags


New ransomware proves MacBooks are no longer secure.

This will act as a catalyst for increased spending on data storage by Apple customers.

Third-party vendors of cloud and HDD offerings may witness a significant near-term market expansion.

In the dynamic world of cloud computing and the Internet of Things, it is no news that cyber security has been a hot topic for both service and equipment providers in the tech landscape. It seems that every enterprise, every endpoint and every user is secure from nefarious technology, that is, until they're not. Apple, Inc. (NASDAQ:AAPL), long touted for their best-in-class system security, is the most recent victim of exploited vulnerabilities. No, we're not talking about how the FBI's newly-developed ability to bypass iOS security, but our focus is rather on a type of cyber attack whose popularity is rapidly on the rise.

On March 6, 2016, security provider Palo Alto Networks (NYSE:PANW) reported that they detected a version of ransomware on Mac OS X which was dubbed "KeRanger." The bug attached itself to a program that had an existing Mac app development certificate, and thus was able to bypass the Apple Gatekeeper before encrypting files and holding them for ransom against the user. Infected systems present the user with a message before being redirected to a website where ransom in the form of 1 Bitcoin (~$400) is demanded as the sole method to freeing their files with a custom decryption key. A user who refuses to pay the ransom and doesn't have their files backed up is unfortunately and completely out of luck.

Attention towards KeRanger may have fizzled away for the time being, but it is a part of a trend that is becoming increasingly more attractive to hackers who have been behind other recent crypto-ransomware bugs such as CryptoLocker, CryptoWall, Locky, TeslaCrypt and CoinVault. The remainder of this article will focus on the potential impact that ransomware may have on the file storage market, specifically with regard to Apple customers. In order to accept the conclusion, you have to be able to accept the following assumptions:

Assumption 1: The ratio of users to MacBook sales since 2014 is 1:1 and roughly 90% are still active to date (adjusting for damaged items). This timeframe was chosen based on the average useful lifespan for tech hardware of 2-4 years.

Fact 1: 44.8 million Mac products sold from 2014-2016 (source: company filings).

Assumption 2: KeRanger's success has opened the floodgates to other blackhat organizations and they will adopt these new attack techniques, increasing the amount of ransomware activity that we can expect to see in the future.

Fact 2: Cyber security monitoring organization Recorded Future reported increased levels of crypto-ransomware discussions within security sources the day before KeRanger, though the highest was over a week after the attack on March 16. Recently, they raised the risk level for "Locky," a bug similar to KeRanger, to "Critical." Chatter levels for this bug reached their highest levels on March 23, about two weeks after KeRanger.

Assumption 3: Mac users are educated about the dangers of ransomware, are informed on how to mitigate their own risk, and are willing to spend cash to do so. The amount of truth that this assumption maintains over time is a function of a) the frequency of ransomware attacks and b) their related publicity through both conventional and social media.

Fact 3: Increased frequency of attacks was mentioned following Assumption 2. Public social media discussion surrounding "ransomware" remains at an all-time high, with levels over 10 times the average frequency in 2015 (TickerTags Fig1).

Click to enlarge

Near-identical metrics are visible when applying the same keyword filtration across online news outlets. (TickerTags Fig2).

Click to enlarge

Users are being encouraged by media outlets to protect themselves from ransomware by backing up their files, solutions to which can be found either through a cloud storage provider or by purchase of a hard disk such as a portable hard drive.

Assumption 4: In conjunction with the highly-publicized debate surrounding Apple's encryption and subsequent "hacking" by the FBI, KeRanger's successful breach will move Mac users to lose some degree of faith in the company's ability to secure their data via iCloud and therefore turn to third-party vendors for data security.

Fact 4: As stated by a recent Geekwire article, "Apple users tend to think they're immune to malware. KeRanger proves that this isn't the case." Furthermore, researchers explain how KeRanger is still in development, with an aim to attack the Apple Time Machine in order to prevent users from restoring their system to a previous unencrypted state.


Taking the assumed 40.4 million active MacBooks, we can say that the data storage market will expand by $25-30MM in 2016 for every 1% increment of users that either purchase an external hard drive (ASPU of ~$60 for Seagate (NASDAQ:STX) and Western Digital (NYSE:WDC)) or a cloud storage solution at an average cost of $70/year. If we see a near-term conversion rate of 20% on the very high end, this gives us a potential market expansion upwards of $500MM.

With annual revenues of over $10 billion each, HDD giants Seagate and Western Digital may witness only miniscule material effects from this potential market expansion, even on the high end. Although if this above hypothesis holds true then their best-selling personal storage products will be among the first to be picked up off the shelves. On the other hand, data backup companies such as Carbonite (NASDAQ:CARB), with $126MM in 2015 revenues, have the potential to realize meaningful revenue gains should they be able to successfully convert wary MacBook customers.

Regardless of scale, some degree of a market expansion is likely. It is difficult to determine the critical mass that social awareness of ransomware must reach before Mac customers are pushed beyond the tipping point, but it is a factor that should be closely monitored in the coming months.

Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours.

I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it. I have no business relationship with any company whose stock is mentioned in this article.