© Getty Images/iStockphoto Ransomware Attack

More than 40 educational organizations, including 15 in the United States, suffered ransomware attacks launched by the cybercriminal group known as Vice Society, researchers at cybersecurity firm Palo Alto Networks revealed in a report published Tuesday and obtained by CBS News.

Researchers from Palo Alto Network's threat research team, Unit 42, found that hackers targeted the United States in the largest numbers – followed by the United Kingdom, Spain, France, Brazil, Germany and then Italy.

The report tracked how the group, which first surfaced in the summer of 2021, uses a double-extortion playbook. Not only does the consortium of cybercriminals hold data hostage for a hefty fee, but it also threatens to leak the data online.

"Education is so vulnerable to this type of attack because oftentimes organizations don't have the best cybersecurity in place and the best funding for it," said Ryan Olson, vice president of threat intelligence at Palo Alto Networks. "Schools can't compete with a bank or a tech company as far as what they can buy and deploy, and that means that a threat actor who gets into that network is facing a lot less, a lot fewer barriers to go in and launch their attack.

Cybersecurity report warns ransomware group is targeting schools

SHARE

SHARE

TWEET

SHARE

EMAIL

What to watch next

• 

  Prison boss climbed ranks after abuse allegations

  The Associated Press
• 

  AP Explains: Sinema switches to independent

  The Associated Press
• 

  NASA Admin. Bill Nelson breaks down what's next for Artemis

  CNN
• 

  Alexandra Pelosi on Paul Pelosi's recovery from attack

  CBS News
• 

  European country's last 'restaurant bear' freed, non-profit says

  CNN
• 

  Putin: ‘No other questions are being discussed’ after Brittney Griner prisoner swap

  NBC News
• 

  Indiana Republican Group Criticizes GOP Senator For Same-Sex Marriage Vote

  Newsweek
• 

  Biden administration slammed over Paul Whelan imprisonment

  TODAY
• 

  President Zelensky Awards Ukrainian Soldiers For Their Efforts In The War

  Newsweek
• 

  Calls for more support for people living alone

  BBC News
• 

  Sen. Coons: All Americans should celebrate Brittney Griner's return

  MSNBC
• 

  Third Party Candidates Could Earn Trump the Presidency in 2024

  Veuer
• 

  Returning to Cookeville after 2020 tornado

  CBS News
• 

  "48 Hours" reports on murder that was solved with DNA from a juniper tree

  CBS News

Click to expand

UP NEXT

The threat actors have been on the radar of federal law enforcement for months.

Earlier this year, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint bulletin warning that "the education sector, especially kindergarten through twelfth grade (K-12) institutions, have been a frequent target of ransomware attacks" in accurate years.

"Impacts from these attacks have ranged from restricted access to networks and data, delayed exams, canceled school days, and unauthorized access to and theft of personal information regarding students and staff."

The intelligence memo singled out Vice Society for "disproportionately targeting the education sector with ransomware attacks."

And while comprehensive ransomware data proves hard to come by, cybersecurity researchers warn that schools – particularly K-12 institutions – continue to attract the attention of ransomware gangs.

Most schools are not required by law to report cyberattacks to the public, but researchers at K-12 Security Information Exchange say that more than 1,200 cybersecurity incidents have occurred since 2016 at public school districts, nationwide. Earlier this year, the Virginia-based nonprofit published a report accounting for at least 209 ransomware attacks against K-12 institutions from 2016-2021.

The new findings by Palo Alto Networks revealed "noticeable spikes" in attacks perpetrated by Vice Society during the spring and fall months, an indication the group may be "timing campaigns to coincide with this sector's unique calendar year."

"You could guess attackers just happened to hit in the fall, but it's much more likely they were thoughtful about making an impact as the schools are beginning," said Olson.

Vice Society operates unlike other notorious ransomware groups, opting out of the ransomware-as-a-service (RaaS) model, in which criminal gangs sell or rent their hacking software or services to the highest bidder, according to researchers. Instead, the group utilizes pre-existing ransomware – including well-known variants HelloKitty and Zeppelin – to extort victims.

Researchers at Palo Alto Networks have not tied the group's members to a specific geographic location, though posts and communications from the cybercriminal gang have appeared on the dark web in both English and Russian.

Researchers estimate the threat actors "have impacted more than 100 organizations in total," including 40 cases impacting educational organizations, 13 targeting health care and 12 targeting state and local governments.

According to Palo Alto Networks' analysis, of the schools and education organizations targeted by the cybercriminal group, 15 are based in the U.S., with 10 located in the United Kingdom. Other incidents are sprinkled across Colombia, Brazil, France, Malaysia, Austria, Canada and Ukraine.

The report noted, "the group appears to be targeting more educational organizations based in California."

Earlier this year, a ransomware attack targeted Los Angeles Unified School District, the second largest school district in the U.S. Although school administrators have not confirmed the actors behind the incident, Vice Society has publicly claimed credit for the Labor Day weekend breach.

The district characterized the cyberattack as a "significant disruption to our system's infrastructure," with 500 gigabytes of data stolen. Still, classes continued.

"If you hit a company and shut down their financial payment system, that's going to be frustrating for that company," Olson said. "But if a school starts to shut down in an area, it is going to impact all of the students, teachers, their parents. It's absolutely going to be news. That's going to put a lot of pressure on administrators to get things working again. Ransomware actors want people in a position where they need to get operations going again quickly, because that's what's going to make them pay."

After LAUSD administrators refused to pay a ransom, cybercriminals posted more than 250,000 files and images on the dark web, including potentially sensitive information, according to the cybersecurity firm Checkpoint Research.

"Vice Society and its consistent targeting of the education industry vertical, particularly around the September time frame, serves as a warning that this group has shaped their campaigns to take advantage of the school year in the U.S.," Palo Alto Networks said in its report. "It's likely they'll maintain use of the tactics to impact the cyberthreat landscape moving forward, as long as their activities continue to be lucrative for them."  

Earlier this year, CISA previewed a plan to enhance cybersecurity protections in local communities, with a focus on the particularly vulnerable: K-12 schools, hospitals and water treatment facilities. CISA Director Jen Easterly noted in October that not all organizations are "investing millions and billions of dollars like some in the finance and energy [sectors] are."

Homeland Security Secretary Alejandro Mayorkas said Monday at a Center for Strategic and International Studies event in Washington, D.C., "Even the smallest organizations stand on the frontlines defending against the most sophisticated nation states and non-nation state threats." 

The cabinet secretary warned that cyberattacks continue to "[grow] in number and gravity," allowing U.S. adversaries to launch "a new kind of warfare" with a single keystroke.

For their part, Olson said researchers at Palo Alto Networks are currently developing better cybersecurity tools to help preempt attacks launched by Vice Society. "One of the things we looked at is, how long were threat actors inside the network before they actually launched an attack?" Olson said. His team identified an average "dwell time" of six days.

"Tracking all of this information is what allows us to respond more quickly and more effectively to incident response cases," Olsen said.

Palo Alto Networks (PANW -1.17%) is still growing, and it is still churning out profits. Those were the main takeaways from the cybersecurity specialist's mid-November earnings report, which extended the company's positive momentum into a new fiscal year.

The management team raised their fiscal 2023 projections despite pressures on IT budgets and slowing economic growth in many markets. Let's take a look at whether that new outlook strengthens the bullish case for this tech stock.

The demand trends

Many IT companies are cutting costs today, including through layoffs and reduced advertising spending. But they continue to prioritize spending on the type of security management services that Palo Alto Networks provides.

Sales rose 25% in the fiscal Q1 period that ran through late October, the company said on Nov. 17. That result pushed revenue to $1.6 billion, comfortably exceeding the outlook range that management issued in late August.

While investors shouldn't read too much into any single quarter's growth, it is encouraging that Palo Alto Networks has posted several consecutive quarters of strong sales. That streak points to something more sustainable than simply closing a few large contracts in the period.

That good news also showed up in areas like Palo Alto's growing list of large enterprise clients and its expanding contract sizes. CEO Nikesh Arora said in a news release, "Our growth was driven by customers continuing to increase their commitments to our security platforms."

Financial wins

Investors should be just as thrilled with the progress the company is making on its finances. Palo Alto booked its second consecutive quarter of profitability. Operating cash flow was strong, too. Executives said back in August that they were seeking to deliver a balance between growth and expanding profit margins. This report reflects success on that score.

There is more good news ahead: Executives raised their 2023 outlook on both sales and earnings. They now expect revenue to raise by as much as 26% this year, up from the prior 25% target. Forecasts for cash flow and earnings received modest upgrades as well.

Is it a buy?

Despite its success in winning market share and generating solid profits, Palo Alto Networks' stock has barely kept pace with the market in 2022. Its valuation has dropped to below 9 times annual sales, compared to over 12 at other points in the year.

Sure, that discount reflects the potential for a recession ahead that might pressure sales over the coming quarters. A sharp economic slowdown could threaten Palo Alto Networks' profitability, given that it only recently started generating positive operating earnings.

However, the company has many of the ingredients that investors are seeking in a growth stock. It is gaining market share in a large, expanding industry. Palo Alto Networks' platform is winning a prime place in IT budgets, too, which means its services might stay in high demand even as enterprises cut spending elsewhere.

And its expanding profit margin in a volatile selling environment shows that the company could have strong pricing and earnings power. While the wider industry might be set for contraction over the short term, patient investors can look past those pressures to simply hold this attractive growth stock.

Palo Alto Networks (NASDAQ:PANW) is an iconic cybersecurity company that is known as a best-in-class provider of hardware-based firewalls. However, over the past few years, the company has reinvented itself with a series of cloud and software-based security products. This transformation has gone exceptionally well as the company now has 13 leadership recognitions across Network Security, Cloud Security and Threat Detection.

The cybersecurity industry is forecasted to grow at a 13.33% CAGR, between 2022 and 2026 reaching a market value of $299 billion by the end of the period. Palo Alto is poised to ride this growth trend as organizations require security for their multi-cloud services. In this post I'm going to break down the company's financials and valuation, let's dive in.

Strong Financials

Palo Alto Networks reported strong financial results for the first quarter of the fiscal year 2023. Revenue was $1.56 billion, which increased by a rapid 25% year over year and beat analyst expectations by $12.21 million.

Overall revenue was driven by solid Product revenue growth of 12% and total services revenue growth of 30%. By geography, the business saw growth across all regions with the EMEA region being a standout performer, as revenue increased by 32% year over year. This was followed by the JPAC countries (26% revenue growth) and the Americas at 24% revenue growth.

The company's "next generation" security [NGS] platform, which includes the Cortex, Prisma Cloud and Prisma SASE reported solid growth. NGS Annual recurring revenue [ARR] increased by a blistering 67% year over year to a record $2.11 billion. For more on the company's products, you can read my past report on Palo Alto Networks.

Taking a step back, "Billings", which is the amount actually invoiced to customers and the true "top line" for SaaS companies also showed solid growth. Total Billings increased by 27% year over year to $1.75 billion.

Remaining performance obligations (RPO), which is the sum of Deferred Revenue and Backlog, was increased by a rapid 38% year over year to $8.3 billion.

Notable customer wins in the quarter included a 9-figure deal with a U.S Federal government agency for the Cortex product. There was also a 7-figure deal with a large U.S Utility company for its software firewalls and Prisma Cloud technology. The company in question opted to use Prisma cloud as the platform to offer standardized security across 4 public clouds. This is an interesting point to note as a study indicates that 89% of IT decision-makers have a multi-cloud strategy. This is for a few reasons, firstly is security as some companies may prefer to keep some of their applications or data onsite due to regulations or legacy setups. In addition, each major cloud provider AWS, Azure and Google Cloud has various advantages in different areas. Therefore adopting a multi-cloud approach allows organizations to get the best of both worlds while not being tied to a specific vendor.

Historically many cybersecurity companies offered single-point solutions, this was great in the short term as specialist businesses produced the best products. However, as organizations adopt multiple solutions the IT security tech stack can become time-consuming and complex to manage with multiple different updates, patches, and dealing with multiple vendors. Palo Alto Networks aims to simplify this with its single vendor, the Next generation security platform. In the most accurate quarter, the company signed an 8-figure multi-product deal with a major European media company, as they consolidated all their legacy security platforms. The company also closed a 7-figure deal with a U.S technology company that adopted all three of its next gen products.

Palo Alto Networks has also continued to generate strong upsells and cross-sells for its products for its largest customers. For example, the number of "Millionaire" customers, which are those with over $1 million in bookings over the past year, has risen substantially. Over 230 more of these "high ticket" customers have been added over the past year.

Profitability and Expenses

Palo Alto Networks reported a Non-GAAP Gross margin of 74.35 which declined by 10% year over year. This was mainly due to supply chain expenses related to component shipping and doesn't look to be a long-term issue. The good news is the company reported an Operating Margin of 20.6% which increased by 260 basis points year over year. This was driven by lower expenses as a portion of revenue across its three main expenses, R&D, Sales and Marketing, and G&A. This is great to see as it shows the business is demonstrating operating leverage while still continuing to grow the top line.

Non-GAAP Net income increased by a rapid 56% year over year to $266 million.

Earnings Per Share were $0.06, which beat analyst expectations by $0.11. The company also reported cash flow from operations of $1.24 billion and reported a record free cash flow of $1.2 billion. This was driven slightly by strong collections in the quarter, but still a great achievement overall.

Palo Alto Networks has a solid balance sheet with $5.9 billion in cash, cash equivalents and short-term investments. However, the company does have $3.68 billion in current debt of the Convertible senior note type, which must be taken into account.

Management has raised its guidance on the strong quarter, full details are in the table below.

Advanced Valuation

In order to value Palo Alto Networks, I have plugged the latest financials into my advanced valuation model which uses the discounted cash flow method of valuation. I have forecasted 25% revenue growth for next year which is aligned with management estimates. However, I am forecasting this revenue growth to accelerate to 27% per year in years 2 to 5, as the economy recovers and the Next Gen Security offering continues to make up a larger portion of total revenue.

To increase the accuracy of the valuation, I have capitalized R&D expenses, which has lifted operating income. In addition, I have forecasted the business to its operating margin to 23% over the next 8 years, as it continues to generate high operating leverage.

Given these factors, I get a fair value of $163 per share, the stock is trading at $171 per share at the time of writing and thus is fairly valued but not exactly cheap. Palo Alto Networks also trades at a Price to Sales ratio = 8 which is fairly valued relative to its 5-year average. Relative to other companies in the cybersecurity industry, Palo Alto Networks is trading at one of the cheapest levels.

Risks

Recession/Longer Sales Cycles

The high inflation and rising interest rate environment have caused many analysts to forecast a recession. Therefore, many companies are likely to reduce or delay spending which could result in longer sales cycles. So far, we are not seeing many signs of this with Palo Alto Networks but it is a general market risk.

Final Thoughts

Palo Alto Networks is a tremendous cybersecurity company that has reinvented their product suite in immense style. The company has continued to produce solid financial results despite tough economic conditions. However, the stock isn't exactly cheap, it is "fairly valued" at the time of writing.

Analysts have provided the following ratings for Palo Alto Networks (NASDAQ:PANW) within the last quarter:

These 19 analysts have an average price target of $228.86 versus the current price of Palo Alto Networks at $177.59, implying upside.

Below is a summary of how these 19 analysts rated Palo Alto Networks over the past 3 months. The greater the number of bullish ratings, the more positive analysts are on the stock and the greater the number of bearish ratings, the more negative analysts are on the stock

This current average has decreased by 33.1% from the previous average price target of $342.07.

Stay up to date on Palo Alto Networks analyst ratings.

Analysts work in banking and financial systems and typically specialize in reporting for stocks or defined sectors. Analysts may attend company conference calls and meetings, research company financial statements, and communicate with insiders to publish "analyst ratings" for stocks. Analysts typically rate each stock once per quarter.

Some analysts will also offer forecasts for metrics like growth estimates, earnings, and revenue to provide further guidance on stocks. Investors who use analyst ratings should note that this specialized advice comes from humans and may be subject to error.

This article was generated by Benzinga's automated content engine and reviewed by an editor.

More than 40 educational organizations, including 15 in the United States, suffered ransomware attacks launched by the cybercriminal group known as Vice Society, researchers at cybersecurity firm Palo Alto Networks revealed in a report published Tuesday and obtained by CBS News.

Over the past 3 months, 19 analysts have published their opinion on Palo Alto Networks (NASDAQ:PANW) stock. These analysts are typically employed by large Wall Street banks and tasked with understanding a company's business to predict how a stock will trade over the upcoming year.

These 19 analysts have an average price target of $228.86 versus the current price of Palo Alto Networks at $176.49, implying upside.

Below is a summary of how these 19 analysts rated Palo Alto Networks over the past 3 months. The greater the number of bullish ratings, the more positive analysts are on the stock and the greater the number of bearish ratings, the more negative analysts are on the stock

This current average has decreased by 33.1% from the previous average price target of $342.07.

Stay up to date on Palo Alto Networks analyst ratings.

Analysts are certified within banking and financial systems that typically report for specific stocks or within defined sectors. These people research company financial statements, sit in conference calls and meetings, and speak with relevant insiders to determine what are known as analyst ratings for stocks. Typically, analysts will rate each stock once a quarter.

Some analysts publish their predictions for metrics such as growth estimates, earnings, and revenue to provide additional guidance with their ratings. When using analyst ratings, it is important to keep in mind that stock and sector analysts are also human and are only offering their opinions to investors.

If you want to keep track of which analysts are outperforming others, you can view updated analyst ratings along withanalyst success scores in Benzinga Pro.

This article was generated by Benzinga's automated content engine and reviewed by an editor.