Tag Archives: feye

Middle Eastern Banks Hacked After $81 Mil Bangladesh Heist: FireEye

FireEye (FEYE) researchers say a series of cyberattacks on Middle Eastern banks isn’t related to an earlier digital heist of Bangladesh Bank that netted $81 million, but didn’t say whether it has ties to similar assaults on banks in Ecuador and Vietnam.

This month, FireEye’s DTI (dynamic threat intelligence) discovered “a wave of emails containing malicious attachments being sent to multiple banks in the Middle East region,” according to a company blog post Sunday. “The threat actors appear to be performing initial reconnaissance against would-be targets,” researchers wrote, “and the attacks caught our attention since they were using unique scripts not commonly seen in crimeware campaigns.”

A FireEye spokesman told IBD the Middle Eastern assault doesn’t appear to be related to a recent attack on Bangladesh Bank, but didn’t say whether it could be tied to breaches of banks in Ecuador and Vietnam. The Bangladesh breach is one of the biggest in history. FireEye reportedly was hired to investigate.

In the Middle East case, hackers sent malware-infused emails with themes related to IT infrastructure “such as a log of server status report or a list of Cisco Iron Port Appliance details,” FireEye researchers wrote. Employees forwarded the email, which contained an infected, macro-enabled Microsoft Excel file. Microsoft Office documents are frequently used in crimeware campaigns because default settings require users to enable macros before they run. “Attackers may convince victims to enable risky macro code by telling them that the macro is required to view ‘protected content,’” researchers wrote.

But this campaign took it a step further, hiding the malware in plain sight. “This was done for the purpose of social engineering — specifically, to convince the victim that enabling the macro did, in fact, result in the ‘unhiding’ of additional spreadsheet data,” researchers wrote.
Hackers installed a batch file to collect important system data, including user and group accounts, network configuration data and running processes. Unusually, the malware used DNS (domain name system) queries to exfiltrate the data. “This was likely done because DNS is required for normal network operations,” researchers said. “The DNS protocol is unlikely to be blocked and its use is unlikely to raise suspicion among network defenders.” Users can protect themselves by disabling Microsoft Office macros “and also by being more vigilant when enabling macros,” FireEye said.

In morning trading on the stock market today, FireEye stock lifted more than 4.5%, outplaying the IBD Computer Software-Security industry group, which collectively was up a fraction. Palo Alto Networks (PANW) and Symantec (SYMC) stocks were up 2% and a fraction, respectively.

CyberArk Defies Broad Security Tumble On ‘Broadening’ Sales Views

CyberArk Software (CYBR) stock lifted Thursday on a bullish report from Imperial Capital that sees an 8% upside to the privileged account manager’s Q1 earnings, posted early this month, driven by increased cross-selling opportunities and broader greenfield adoption. Imperial Capital analyst Michael Kim kept his in-line rating on CyberArk stock, but boosted his price target to 45 from 41.

In early afternoon trading on the stock market today, CyberArk stock was up 2%, near 42, and touched a six-week high at 42.94. But shares are 16% off a 2016 high of 49.56, achieved Jan. 22. The lift defied a fractional decline in IBD’s 26-company Computer Software-Security industry group. Shares of Imperva (IMPV), FireEye (FEYE), Check Point Software Technologies (CHKP) and Symantec (SYMC) were all down more than 1% apiece Thursday afternoon.

“At current levels, we think CyberArk shares offer balanced risk/reward,” Kim wrote in a research report. “Investors could become more constructive as the company gains greater scale and broader adoption of its new offerings.” Kim expects less volatile near-term license revenue growth and margin expansion. But he cut his 2017 earnings per share minus items view to $1.14 from $1.16 on expected investments in growth. Wall Street models $1.13, up 23% from 2016 views of 92 cents.

CyberArk still has runway to add new customers, Kim wrote. During Q1, CyberArk added 100 new customers, bringing the company’s installed base to 2,600. Nearly a third of new customers added three or more products, “highlighting the company’s broadening cross-selling and up-selling opportunities.” In Q1, CyberArk also doubled its sales in its government, health care, retail, media and education segments. License revenue grew 38% vs. the year-earlier quarter, trailing 50% growth in the maintenance and professional services business.

Broad Security Freeze: Palo Alto Demand Stalls; Q2 Views Lukewarm

Palo Alto Networks (PANW) stock tumbled Thursday after a Piper Jaffray analyst said that lackluster April demand and Q2 guidance from Check Point Software Technologies (CHKP), FireEye (FEYE) and Imperva (IMPV) could signal a broad cybersecurity slowdown. IBD’s 26-company Computer Software-Security industry group is down 18.5% for the year after toppling 32% through Feb. 9, on bleak guidance for IT spending from firms like LinkedIn (LNKD) and Tableau Software (DATA). Barracuda Networks (CUDA), Check Point, FireEye and Fortinet (FTNT) recently missed full-year views. Imperva and Proofpoint’s (PFPT) Q2 outlooks lagged the consensus.

Now, channel checks show April demand slowed, Piper Jaffray analyst Andrew Nowinski says. “The key takeaway from Q1 earnings season is that the security sector is starting to show signs of slowing based on the guidance that was provided for Q2 and fiscal 2016,” he wrote in a research report Thursday. Cybersecurity stocks toppled Thursday on Nowinski’s assessment. IBD’s security group was down 2% in morning trading on the stock market today, with Palo Alto Networks and FireEye stocks leading the deluge, down a respective 6% and 4%. Palo Alto Networks stock was at a two-month low, near 130.

But some analysts say Palo Alto Networks could beat guidance when it posts fiscal Q3 earnings on May 26. The company has topped the high end of its outlook by an average 5.6% for the past 11 quarters. To do so again, Palo Alto would have to report $356 million in sales. The consensus of 43 analysts polled by Thomson Reuters models $339.4 million in April-quarter sales, which would be up 45% vs. the year-earlier quarter. But $549.5 million in July-quarter billings expectations, up 40%, might be too aggressive, Nowinski wrote.
During the April quarter, some delays in large contracts likely hurt Palo Alto Networks, Nowinski wrote. “Most (resellers) thought it was simply due to a ‘digestion period’ where customers were still trying to integrate products they purchased in 2015,” he wrote. “The results definitely indicate demand slowed sequentially and also on a year-over-year basis.” Nowinski expects Palo Alto Networks to at least meet estimates, but he cut his price target on Palo Alto Networks stock to 180 from 208. He reiterated an outperform rating, but wrote that “this is the first quarter in at least two years where we picked up any sort of slowdown in Palo Alto’s demand trends.”