The Canadian Centre for Cyber Security, along with the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) in the U.S. issued a joint advisory warning in July about the “Truebot” malware, attributed to the Russian-speaking Silence Group.
Hackers are exploiting a vulnerability in security software Netwrix Auditor, which is used by over 7,000 organizations, including clients in insurance, finance, healthcare, and legal sectors in Canada and the U.S. The malware enables threat actors to execute enumeration and privilege escalation attacks, granting unauthorized access to computer networks and enabling the theft of sensitive information. Truebot poses a significant cybersecurity threat, and the joint advisory urged organizations to take appropriate measures to protect their networks.1
Meanwhile, in the United States, the Securities and Exchange Commission (SEC) is introducing new rules to enhance cybersecurity disclosure by public companies. Under these rules, companies must report “material” cybersecurity breaches within four days of determining their significance.
The SEC aims to protect investors by collecting relevant data promptly. However, companies are pushing back, citing concerns that the short reporting period could harm companies and risk opening them to exploitation by cybercriminals.
The rule change intends to clarify existing reporting criteria, as the SEC finds the current requirements for reporting cybersecurity events inconsistent. Along with the breach disclosure, the SEC seeks additional details like the timing of the incident and its material impact on the company. Management’s expertise in cybersecurity will also need to be disclosed. The final rules will take effect 30 days after publication in the Federal Register.²
And Microsoft announced in July that it is expanding its offerings in the cybersecurity market with two new products, Microsoft Entra Internet Access and Microsoft Entra Private Access, currently in the preview stage.
The Entra products fall under the Secure Access Service Edge (SASE) aspect of cybersecurity and are aimed at providing secure access to cloud and on-premises applications for corporate workers. Entra Private Access service will be an alternative to traditional virtual private networks (VPNs), while Entra Internet Access will allow security admins to control employees’ connections to cloud apps, including Microsoft 365 applications like Teams. By entering the SASE market, Microsoft aims to strengthen its position in the cybersecurity sector, competing with cloud network security providers like Palo Alto Networks and Zscaler (both held by the Fund).
While pricing details are yet to be disclosed, these new offerings could elevate security as a top category for Microsoft, as SASE remains the last and largest cybersecurity segment for which Microsoft has yet to make a play.³
Company Specific Updates
Zscaler, Inc. has released its 2023 ThreatLabz Ransomware Report, highlighting the rise of complex ransomware attacks and key trends in cyber threats. Notably, there has been an increase in attacks on public organizations and those businesses with cyber insurance. The report also sheds light on the growth of ransomware-as-a-service (RaaS), in which threat actors offer their services on the dark web in exchange for a cut of ransomware profits (often 70-80%). The growing popularity of this model has contributed to a nearly 40% surge in ransomware attacks over the past year. Encryption-less extortion, a style of cyberattack prioritizing data exfiltration over encryption, has also become more prevalent.
The United States is the primary target for ransomware attacks, with 40% of victims based there. The next three countries on the list—Canada, the United Kingdom, and Germany—had a combined total of less than half the attacks focused on the U.S. The report found that manufacturing is the most targeted sector globally due to the appeal of intellectual property and critical infrastructure.
The data analyzed by the ThreatLabz team came from the Zscaler security cloud, monitoring over 500 trillion daily signals and blocking 8 billion threats daily through 250,000 security updates.4
CrowdStrike has been honoured with the prestigious 2023 U.S. Independent Software Vendor Partner of the Year award by Amazon Web Services (AWS). This recognition highlights CrowdStrike’s exceptional business model, which prioritizes specialization, innovation, and collaboration. The winners were carefully chosen by a panel of AWS experts, using objective criteria and third-party vendor audits.
The award comes after CrowdStrike’s successful partnership with AWS in developing endpoint security for the OCSF schema, which forms the foundation of AWS’s newly released Amazon Security Lake. Additionally, over the last year, they unveiled a generative AI collaboration for CrowdStrike’s Charlotte AI assistant.
As part of the AWS Partner Network (APN), CrowdStrike is one of AWS’s fastest-growing and largest technology and innovation partners. This acknowledgement by AWS underscores CrowdStrike’s leadership in the cloud security domain, demonstrating their dedication to innovation and success in safeguarding customers’ cloud environments across various segments and locations.5
CYBR ETF: Diversified Investing in Cybersecurity
A cybersecurity ETF offers a great alternative to gaining exposure to this industry without being locked into any single security and without the hassle of hand-picking individual stocks. ETFs allow you to diversify by investing in multiple companies in multiple markets, ensuring that a single market shock won’t tank your portfolio.
Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR), invests in global companies involved in the cybersecurity industry. For more information, visit the fund page here: https://evolveetfs.com/cybr/.
Portfolio Strategy and Activity
For the month, Okta Inc made the largest contribution to the Fund, followed by Zscaler Inc and CrowdStrike Inc. The largest detractors to performance for the month were Palo Alto Networks Inc, followed by Blackberry Ltd and Trend Micro Inc.
- Otis, D., “Canadian cybersecurity agency and FBI issue advisory over rising ‘Truebot’ cyberattacks,” CTV News, July 7, 2023; https://www.ctvnews.ca/sci-tech/canadian-cybersecurity-agency-and-fbi-issue-advisory-over-rising-truebot-cyberattacks-1.6471754
- Pisani, B., “The SEC wants corporate America to tell investors more about cybersecurity breaches and what’s being done to fight them,” CNBC, July 26, 2023; https://www.cnbc.com/2023/07/26/sec-wants-to-know-whats-being-done-to-fight-cybersecurity-breaches.html
- Novet, J., “Cloudflare, Palo Alto Networks and Zscaler tumble as Microsoft expands in cybersecurity,” CNBC, July 12, 2023; https://www.cnbc.com/2023/07/12/palo-alto-networks-and-zscaler-tumble-as-microsoft-expands-in-security.html
- “Zscaler 2023 Ransomware Report Shows a Nearly 40% Increase in Global Ransomware Attacks,” Zscaler, June 28, 2023; https://ir.zscaler.com/news-releases/news-release-details/zscaler-2023-ransomware-report-shows-nearly-40-increase-global
- “AWS Selects CrowdStrike for 2023 US ISV Partner of the Year Award,” CrowdStrike, July 27, 2023; https://ir.crowdstrike.com/news-releases/news-release-details/aws-selects-crowdstrike-2023-us-isv-partner-year-award