Category Archives: Cybersecurity & Digital Privacy

Facebook users’ data leaked online, again…

Data from 2019 on over 500 million Facebook users has been made publicly and freely available. While not every record is current, this release still affects many users of the social network.

The data includes phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.

Source: 533 million Facebook users’ phone numbers and personal data have been leaked online

Cheaters Never Prosper

Video game publisher Activision recently published a report that outlines how players downloading and installing various cheats for Call of Duty: Warzone are not only gaining an unfair edge over their competitors but are also installing any number of credential-stealing, computer-compromising, and all-around not good malware as well. Want to get better? Start grinding, or as we like to say, practice makes better!

https://www.activision.com/cdn/research/cheating_cheaters_final.pdf

Cybersecurity Advisory for Public Water Suppliers

In response to recent disclosures of a water treatment plant cyber attack, State of Massachusetts officials have prepared a review of the attack and a list of resources for municipalities to help combat future attacks.

How public water suppliers can guard against cyber-attacks on water supplies.

Source: Cybersecurity Advisory for Public Water Suppliers

Florida Water Treatment Hack Highlights Infrastructure Weaknesses

A combination of lax internal security measures and outdated technology left an Oldsmar, FL water treatment plant vulnerable to hackers who attempted to manipulate treatment chemical levels. Luckily, a worker noticed a mouse pointer moving by itself, observed levels of certain chemicals fluctuating beyond safe parameters and was able to take action to stop the attack. The question now is what can municipalities do to secure infrastructure going forward?

Source: Hack exposes vulnerability of cash-strapped US water plants

Potentially deadly water system hack in Florida

Since 2020 and 2021 (so far) haven’t been frightening enough, just days before the Super Bowl a hacker tried to break into a Florida city’s water system in order to increase the amount of sodium hydroxide (aka lye), a potentially deadly and caustic poison, in the city’s water.

Thankfully the hacker wasn’t terribly sophisticated and the nefarious attempts were identified and blocked, but it does expose how our increasingly connected world is increasingly vulnerable to nefarious actors. As technology evolves and public utilities, along with nearly every other aspect of our lives, become more connected, and as the move towards 5G allows for more remote monitoring, more opportunities are available to cause harm.

From our homes to our finances, from our cars to our offices and our communities, the need for cybersecurity is only increasing, expanding the tailwinds behind our Cybersecurity and Privacy investment theme.

Federal investigators are searching for the hacker behind an attempted poisoning of a Florida city’s water system just days before the Super Bowl.

Source: Hack in Florida city’s water system reveals potential cyber risks of many local communities – CBS News

Hack The Army 3.0 Starts Today (01/06/2021)

The Defense Digital Service, a self-described “SWAT team of nerds,” along with service provider HackerOne, is conducting another in a series of bug bounty programs to help organizations identify potential cybersecurity vulnerabilities.

Military and civilian hackers invited to discover and disclose vulnerabilities in digital assets affiliated with the largest branch of the U.S. Military

Source: HackerOne

Thematics Make Outsized Returns in 2020

To say 2020 was a year unlike any other is an understatement on several fronts but despite all of it, equities finished the year higher and once again the major indices were bested by several of Tematica Research’s thematic indices. That includes several of them topping the outsized (but fairly narrowly driven) 43.6% return for 2020 registered by the Nasdaq Composite Index.

Investing between February 19th and March 23rd was a clear example of “catching a falling knife” as the uncertainty of the impact of an unfolding global pandemic set in. While that uncertainty lingered well into the 2nd quarter, some trends started to emerge that forced changes in both consumer behavior and company business models. Going into the 3rd quarter, equities recovered as economic data and earnings were somewhere between better than expected and not as bad as feared. There were some setbacks in September and October as Covid case counts surged, but stocks were once again surging in early November due to a fresh shot of hopium following positive vaccine developments and the conclusion of the presidential election.

The bulk of the 2020 gains for the Dow Jones Industrial Average and the S&P 500 came during the fourth quarter, despite the year-end haggling over the pandemic relief bill. The same was true with the small-cap heavy Russell 2000, which climbed 31% in the fourth quarter, outpacing the other major market barometers and enabling its positive return for all of 2020. By comparison, the Nasdaq Composite Index, which closed up more than 40% in 2020, benefited from a number of factors, including the pandemic-inspired accelerated shift to digital shopping, work from home and learn from home. That pull-forward in both data consumption and data creation fueled incremental network capacity additions and set up the launch of 5G networks and devices in the second half of the year. The same shift, however, led to a year-over-year uptick in cyberattacks culminating with the SolarWinds attacks that compromised not just federal institutions and large companies, but also platforms of Microsoft (MSFT) and FireEye (FEYE). Those catalysts in particular led to the strong December quarter showing for Tematica’s Digital Infrastructure & Connectivity and Cybersecurity & Data Privacy investing themes.

What’s to come in 2021?

It’s great to enjoy the wins, but as we all know, the stock market is a forward-looking animal and that means not taking too much time to pat ourselves on the back, but rather preparing for what lies ahead. Even as the COVID-19 vaccine is being administered, it will take months before vaccines are readily available to all who need them. Then, and only then will many politicians feel comfortable fully reopening their economies. On January 4, for example, UK Prime Minister Boris Johnson just ordered a third national lockdown to be in place through mid-February. Yes, there is a light at the end of the tunnel, but we continue to see some economic speed bumps to be had — at least at the outset of the March quarter. 

In the coming weeks, President-elect Joe Biden will be sworn into office, and despite the lawsuits, promises of legislative (and other) disruptions, the machinery of government continues to move forward. Perhaps Capitol Hill will hammer out an infrastructure spending bill that will finally address the nation’s crumbling roads, bridges, ports, airports and highways. The ongoing trade issues with China will also need to be addressed, as well as President Biden’s own agenda items.

Before Biden takes the Oval Office, two known items that we’ll contend with are the CES 2021 tech conference and the start of the December-quarter earnings season. Much like other conferences and trade shows held during the pandemic, CES will be a virtual-only event for the first time in its history. It will still feature a number of keynotes that will prognosticate on what we are likely to expect in the coming year on the technology front and “virtual” vendor booths.  

In recent weeks we’ve seen GDP expectations for the start of 2021 drift lower as the pandemic has once again presented a headwind to the economy and efforts to contain it have expanded. We’re also learning of a new strain of Covid-19 that “spreads more efficiently” but “does not seem to evade the protection that’s afforded by vaccines that are currently being used,” according to Dr. Anthony Fauci. At the same time, the distribution of vaccines in the U.S. has gotten off to a slower-than-expected start. Expectations are that vaccine activity will increase in the coming weeks and we’ll be sure to keep tabs on vaccine-related data published on the CDC COVID Data Tracker website. As the number inoculated rises in the coming months, the closer we will be to the economy returning to normal. 

The issue is it will take some time to walk down this path, which suggests things won’t begin to normalize until the second half of 2021. We also continue to think consensus expectations run the risk of an economic and earnings speed bump in 2021. Supporting that view is the retreat in the Citibank Economic Surprise Index in recent months, and also the slowing growth reported in the IHS Markit December Flash U.S. Composite PMI data. Part of that was due to the fall in new export sales, as renewed lockdowns in key export markets dampened foreign demand.

All of this is summed up rather well by Chris Williamson, Chief Business Economist at IHS Markit who said, “… December has seen companies rein in their expectations, given the higher virus case numbers and tougher lockdown stances adopted in some states. Lockdowns in other countries were meanwhile reported to have hit exports. While vaccine developments mean some of the clouds caused by the pandemic should lift as we head through 2021, rising case numbers continue to darken the near-term outlook.” 

Normally, there tends to be some step down in economic activity from the December quarter to the March one, as consumer spending wanes in comparison to the year-end holiday shopping season. The start of 2021 is expected to see a somewhat larger step down in GDP — to 1.9% during the March quarter vs. the expected 4.1% in the December 2020 quarter, according to data published by The Wall Street Journal’s Economic Forecasting Survey. That same survey goes on to forecast GDP of 3.7% for all of 2021, which means its expectation for the other three quarters of 2021 hover around 4.0%. 

While recent COVID-19 new cases have waned some in aggregate across the U.S., hot spots remain — and that has prompted the extension of virus-fighting measures even as a new strain of the virus that spreads quicker has been found inside the U.S. Similar to what we saw after Thanksgiving, odds are we will see a post-holiday rise in new case counts in early January. Should this come to pass, in all likelihood it will mean more restrictions that will be a headwind to the economy and corporate earnings.

Earnings expectations ahead

On the December-quarter earnings front, data from FactSet shows that so far in the quarter, more S&P 500 companies issued positive earnings guidance than average. More than 80 companies in the index have issued EPS guidance for the December quarter so far and of them, roughly 30 issued negative EPS guidance and more than 55 issued positive EPS guidance. That puts the percentage of companies issuing positive EPS guidance at more than 65%, well above the five-year average of 33%. This sounds positive, but keep in mind that the total number of companies issuing guidance remains well below the five-year average for the quarter and the consensus expectation for December quarter EPS is still a year-over-year decline of around 10%.

Digging into the data, we see the S&P sectors that are driving that year-over-year decline for the December quarter.

But again, the stock market is a forward-looking animal, and current expectations call for a 22.7% rebound in S&P 500 EPS during 2021 vs. 2020, as well as a 4.1% increase compared to 2019.

Circling back to the Tematica Research indices that we shared at the outset, their EPS prospects over the 2019-2021 period are multiples greater than for the S&P 500. We attribute this to the pronounced tailwinds that are powering each of those themes as well as the revenue, EPS and cash flow of the aggregated constituents. One rule of thumb on Wall Street is that faster EPS growth tends to spur multiple expansion, which is a pretty powerful one-two combination for stock prices and index constituents. Reflecting on the below data, it looks like 2021 will be another year of outperformance for several Tematica Research themes and indices.

U.S. Treasury Cyber Attack

It was revealed that an assumed nation-state-backed group has been monitoring employee emails for some time. It is not yet known if access was obtained through a phishing or direct attack on the group’s MS Office 365 platform. Officials met Saturday, December 13th to assess the damage and prepare a remedy.

Hackers backed by a foreign government stole information from the U.S. Treasury Department.

Source: U.S. Treasury breached by hackers | CyberNews

California voters approved California Privacy Rights and Enforcement Act. Now what?

On November 3, California citizens approved the California Privacy Rights and Enforcement Act (CPRA), a comprehensive privacy law that expands the California Consumer Privacy Act (CCPA). Of note, the CPRA creates more stringent requirements for companies that collect and share sensitive personal information and creates the California Privacy Protection Agency, which will be responsible for enforcing CPRA violations once the CPRA becomes effective on January 1, 2023. Most privacy experts believe the CPRA moves California closer to the European Union’s General Data Protection Regulation (GDPR).

The CPRA defines “sensitive personal information” as a wide range of data points that includes things like account and login information, precise geolocation data, contents of mail, email and text messages, genetic data, Social Security numbers, driver’s licenses, passports, financial accounts, race, ethnicity, religion, union membership, personal communications, genetic and biometric data, health information, and anything about sex life or sexual orientation.

CPRA sets limits on the collection and retention of personal information, requiring a business to retain only that which is reasonably necessary to achieve the purposes for which the personal information was collected or processed. In addition, the CPRA requires businesses to inform consumers of the length of time the business intends to retain each category of personal information and sensitive personal information, or the criteria used to determine that period.

The CPRA also expands the private right of action for consumers to bring claims against a business for the unauthorized access or disclosure of an email address and password or security question that would permit access to an account, along with access to a consumer’s non-encrypted and non-redacted personal information. It creates triple damages for violations relating to consumers who are minors under the age of 16.

One key change in the CCPA requirements in the CPRA is an extension of an exemption for businesses in terms of their employees’ data. The CPRA gives businesses the exemption from meeting the consumer privacy requirements’ tough standards for their employees until January 1, 2023. However, businesses will have to comply with certain aspects of employee privacy protection between now and then.

Source: California voters approved a new and even tougher data privacy act.  What happens now?

Cloudflare and Apple design a new privacy-friendly internet protocol

Engineers at Cloudflare (NET) and Apple (AAPL) say they’ve developed a new internet protocol that will shore up against “one of the biggest holes in internet privacy.” Dubbed Oblivious DNS-over-HTTPS (ODoH), as Nick Sullivan, Cloudflare’s head of research explains, it is meant to “separate the information about who is making the query and what the query is.”

Every time you go to visit a website, your browser uses a DNS resolver to convert web addresses to machine-readable IP addresses to locate where a web page is located on the internet. But this process is not encrypted, meaning that every time you load a website the DNS query is sent in the clear. That means the DNS resolver — which might be your internet provider unless you’ve changed it — knows which websites you visit. That’s not great for your privacy, especially since your internet provider can also sell your browsing history to advertisers.

Enter ODoH, which decouples DNS queries from the internet user, preventing the DNS resolver from knowing which sites you visit.

ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between for the internet user and the website they want to visit. Because the DNS query is encrypted, the proxy can’t see what’s inside, but it acts as a shield to prevent the DNS resolver from seeing who sent the query to begin with.
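The split of knowledge described above can be made concrete with a short simulation; this is an added example, not code from Cloudflare, Apple or the original post. A toy Diffie-Hellman and hash keystream stand in for ODoH's real public-key encryption, only the query direction is modelled, and the names `run_exchange` and `PROXY_IP` and all addresses are constructed for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman + hash keystream, an assumed stand-in for ODoH's real
# public-key encryption. Constructed for illustration; not secure.
P, G = 2**127 - 1, 5
PROXY_IP = "198.51.100.10"   # constructed address (documentation range)

def keypair():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def _keystream(shared, n):
    out, ctr = b"", 0
    while len(out) < n:
        block = shared.to_bytes(16, "big") + ctr.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        ctr += 1
    return out[:n]

def seal(target_pk, plaintext):
    """Client: encrypt to the resolver's public key with a fresh ephemeral key."""
    esk, epk = keypair()
    ks = _keystream(pow(target_pk, esk, P), len(plaintext))
    return epk, bytes(a ^ b for a, b in zip(plaintext, ks))

def unseal(target_sk, epk, ciphertext):
    """Resolver: recompute the shared secret and decrypt."""
    ks = _keystream(pow(epk, target_sk, P), len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, ks))

def run_exchange(client_ip, qname):
    """Return (proxy_view, resolver_view): what each party is able to log."""
    target_sk, target_pk = keypair()                     # resolver publishes target_pk
    epk, ct = seal(target_pk, qname.encode())            # client -> proxy
    proxy_view = {"peer_ip": client_ip, "payload": ct}   # knows who, not what
    # The proxy forwards only (epk, ct), so the resolver's peer is the proxy.
    resolver_view = {"peer_ip": PROXY_IP,                # knows what, not who
                     "qname": unseal(target_sk, epk, ct).decode()}
    return proxy_view, resolver_view

if __name__ == "__main__":
    proxy_view, resolver_view = run_exchange("203.0.113.7", "example.com")
    print("proxy sees:   ", proxy_view)
    print("resolver sees:", resolver_view)
```

The separation holds only while the proxy and the resolver are run by parties that do not combine their logs.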

Cloudflare (NET) is a constituent in the Foxberry Tematica Research Cybersecurity & Data Privacy Index.

 

Source: Cloudflare and Apple design a new privacy-friendly internet protocol | TechCrunch