It was early — a little after 5 a.m. — long before the dry desert heat kicks in on the Las Vegas Strip. But “Steve,” a manager at the sprawling Venetian casino, was starting to sweat.

Looking out onto the casino floor, the issues were beginning to multiply. Grazie, the rewards program that tracks players’ spending, was completely down. That was a nuisance at this early hour — but it would become a catastrophe as gamblers began to fill the casino in the hours ahead.

Steve pulled out his cellphone and called the 24-hour tech help desk for his employer, Sands, the company that owns the Venetian.

No dice. The techies couldn’t log into the systems on their end.

It was clear that the Venetian wasn’t experiencing an inconvenient glitch.

They were under attack.

Gathering the skeleton crew of IT staffers on hand at that early hour, there was a last-ditch plan: Go out on the floor and unplug every computer. Every single one.

Sands kept the full scale of the attack quiet for almost a year. Ultimately, it wound up costing the company an estimated $40 million between lost profits and rebuilding their computing infrastructure.

None of that money was stolen, though. One of the strange things about the Sands cyberattack was that the hackers weren’t looking to pull a heist. They didn’t want to steal information.

They simply wanted to destroy it.

The first hint at a motive came from the Sands.com website, which had also been hijacked.

The new site put in place by the hackers not-so-subtly referred to some political comments made by Sands’ CEO Sheldon Adelson.

Adelson, an octogenarian billionaire who passed away this January, was a vocal supporter of Israel and conservative causes. Months prior, Adelson had been invited to Yeshiva University for a panel titled Will Jews Exist? During that talk, he suggested that the U.S. should threaten to nuke Tehran, enraging the Iranian regime.

So the brains behind the Sands hack weren’t some ragtag group of political hacktivists…

It was a team almost certainly funded by the Iranian government.

The idea of a nation-state taking aim at an individual through his business was shocking.

And it was also a completely asymmetric attack. While the breach and data destruction cost Sands $40 million, it cost the Iranians very little to carry out.

The Sands attack was a wake-up call for every other company on the planet: Chances are your networks are far more vulnerable than you realize.

And if the Sands attack was a wake-up call, last year’s SolarWinds hack was a three-alarm fire. Instead of targeting a single individual over his political activism, the hack compromised tens of thousands of organizations.

SolarWinds is an enterprise software company that I am personally familiar with. The company’s tools made it a snap to monitor and manage a large network back in my IT heyday.

Then and now the company’s network monitoring tools are useful and highly popular, with 33,000 private and public entities using the Orion product — the company’s IT management platform.

That makes exploiting Orion a perfect target for foreign hackers. If you could hack Orion, you could create a backdoor entrance into some of the most sensitive corporate and government IT environments in the world.

In early 2020, hackers broke into the Austin, Texas-based software company’s systems and inserted entries into Orion’s code base.

The cyberattack might be the perfect form of asymmetrical warfare in the 21st century. The SolarWinds hackers are believed to be Russian and the hack itself an intelligence-gathering effort.

However it is that Orion was compromised, whether it was an inside job or an outside hacker, it doomed SolarWinds customers from the start. When IT departments applied the updated package, not only did they patch their Orion software with the latest version of SolarWinds, but they got the malicious Russian payload too.

But it’s not all doom and gloom. Whenever a major event like this happens, there’s always a company ready to profit off this turning point.

I recently give my premium readers my favorite name in the space – but there are many broader ways to play it, including cybersecurity ETFs with clever ticker symbols like BUG, CYBR and IHAK.

Watch this space for more details on this emerging trend…

To a bright future,

Ray Blanco
Chief Technology Expert, Technology Profits Daily
AskRay@StPaulResearch.com