The reach of Iran’s ballistic missiles taps out at roughly 1,200 miles. The nation’s hackers face no such geographic limits.
A flurry of simple yet effective attacks by Iran in recent weeks has IT departments rethinking their defenses, potentially boosting cybersecurity stocks. State-linked Iranian groups have become especially good at doing more with less, according to researchers at Virginia-based Ultraviolet Cyber.
Check Your 2FA
Rather than “technically complex exploitation,” they excel at rudimentary hacking methods: phishing, brute-force password spraying and social engineering to trick users into granting them system access. “These operations are designed to blend into normal administrative activity, enabling long-term intelligence collection and providing Iran with the option to escalate from espionage to disruption during periods of geopolitical tension,” they wrote. Let this paragraph double as your semi-regular reminder to set up two-factor authentication.
Since the US-Israel war with Iran began on February 28, that option to escalate has been a crucial component in Tehran’s asymmetrical toolbox. Last week, Poland said early evidence in a foiled cyberattack on a nuclear research facility pointed to Iran. At the same time, an Iran-linked hacker group claimed responsibility for a breach of the Albanian parliament’s systems. Palo Alto Networks researchers documented a surge in disruptive pro-Iranian cyber operations with targets including a Turkish media outlet, an Israeli civilian healthcare network, and Persian Gulf airports and financial institutions. The US hasn’t been spared, with Michigan-based medical equipment manufacturer Stryker suffering a worldwide disruption last week when its “internal Microsoft corporate environment” was breached. An Iran-linked hacker group claims it stole reams of data and wiped information from company servers, while Stryker is still bringing ordering systems back online. For every exploitation, there’s a potential market beneficiary:
- Goldman Sachs analysts on Friday highlighted cybersecurity firms as an opportunity amid the S&P 500’s “downside risk” from the Iran war, noting they are often “less volatile than the broader software industry during periods of market stress.”
- That’s proven true this year, with or without conflict: The broader software industry captured by the iShares Expanded Tech-Software Sector ETF is down 20.5%, while the iShares Cybersecurity and Tech ETF is down just 8.8%.
Secret Agentic Man: Four firms, Palo Alto, Okta, Cloudflare, and CrowdStrike, stand out to analysts, and for reasons beyond geopolitics. Each could prove a major beneficiary of the nightmare that so-called agentic artificial intelligence has unleashed on broader software stocks. While agentic AI could wipe out software use cases, IT organizations will need to secure the identities of AI agents and humans alike, increasing cybersecurity demand. Morgan Stanley upgraded its 12-month price target on CrowdStrike to $510, partly due to “favorable AI positioning” and implying 20% upside, while also flagging Palo Alto as likely to benefit.
