Cyber 'worm' attack hits global corporate earnings

By Jim Finkle

TORONTO, Aug 2 (Reuters) - Costly cyber attacks are having a bigger impact on corporate earnings and are becoming a fact of life for companies as Oreo cookie maker Mondelez, drug maker Merck (LSE: 0O14.L - news) and others said that a destructive "worm" attack in the last week of the second quarter disrupted operations.

Mondelez International Inc (Frankfurt: A1J4U0 - news) , the world's second-largest confectionary company, reported a 5 percent drop in quarterly sales on Wednesday, blaming shipping and invoicing delays caused by the June 27 attack of the worm, known as NotPetya.

Other NotPetya victims include Merck (Jakarta: 28586808.JK - news) & Co Inc, which last week warned that NotPetya had halted production of some drugs, saying it has yet to understand the full costs associated with the attack.

The attack also slowed deliveries at FedEx Corp, disrupted port operations of shipping company A.P. Moller-Maersk A/S and halted production lines at British consumer goods maker Reckitt Benckiser PLC (Xetra: A0M1W6 - news) , according to accounts by those companies.

Investors should get used to hearing about cyber attacks during earnings calls, said Ian Winer, equity co-head at Wedbush Securities.

"The trend is accelerating," Winer said. "As hackers get more sophisticated they are taking shots at major companies."

More hackers are becoming adept at developing or finding malware to wipe data on computers, making them inoperable.

One mysterious group known as The Shadow Brokers in April dumped a trove of powerful hacking tools on the Internet, which security experts said were developed by the U.S. National Security Agency. Code the group released was used for spreading NotPetya and in the "WannaCry" attack in May on hospitals, businesses and governments worldwide.

Jake Dollarhide, head of Longbow Asset Management in Tulsa, Oklahoma, which manages $85 million in assets, said he expects cyber attacks to be as common as reports that a storm or oil prices hurt results.

Cyence, a firm that helps insurers measure cyber risk, estimated that economic costs from NotPetya would total $850 million.

Major global cyber attacks have the potential to cause economic losses on par with catastrophic natural disasters such as U.S. Superstorm Sandy in 2012, Cyence and Lloyd's of London Ltd said in a joint report in July. Average economic losses caused by such disruptions could range from $4.6 billion to $121 billion, the report said.

"As stock market investors we have to accept this brand new reality in this new digital age," Longbow's Dollarhide said.

NotPetya is a destructive self-propagating "worm" capable of spreading quickly across computer networks, crippling computers by encrypting hard drives so that machines cannot run.

It has taken victims weeks to get factories and other critical systems back online because businesses must individually replace damaged hard drives.

Most businesses are inadequately protected from cyber attacks, said Tom Kellermann, chief executive of investment firm Strategic Cyber Ventures.

"The day of reckoning has come for shareholders," Kellermann said.

(Reporting by Jim Finkle in Toronto; editing by Anna Driver and Grant McCool)