The FBI announced that it has dismantled a global network of compromised computer devices responsible for extorting millions worldwide. Known as “Qakbot,” this network is among the world’s most infamous “botnets,” remote-controlled computer networks used to launch phishing attacks. These attacks serve as a gateway to introduce ransomware into victims’ systems.
Qakbot has played a pivotal role in cyberattacks against various entities, both globally and in the United States, since it became operational in 2008. In the U.S. alone, Qakbot has been responsible for breaches of East Coast financial institutions, a Midwest government contractor, a West Coast medical device manufacturer, the San Bernardino County Sheriff’s Department, and Prospect Medical Group. The latter, a hospital-based attack, resulted in emergency room closures across the United States.
U.S. officials estimated that in its decade-plus of operation, Qakbot infected approximately 200,000 U.S. computers and 700,000 worldwide, making the takedown of this network a significant victory in the ongoing battle against cyber threats.¹
At the same time, a number of incidents underscored the persistent threat posed by state-sponsored actors in cyberattacks targeting critical infrastructure and businesses.
Polish intelligence is probing a cyberattack on the nation’s railways that disrupted traffic in the northwest. Hackers infiltrated railway frequencies, causing trains in the region to stop abruptly. The signals carried Russia’s national anthem and a speech by Vladimir Putin. Poland’s significance as a transit corridor for Western weapons destined for Ukraine adds geopolitical context to the attack.²
Meanwhile, the notorious Russian ransomware group, LockBit, threatened a dark web leak of internal data from The Weather Network’s parent company after crippling the Canadian firm’s operations. The incident disrupted services for users of apps for the Weather Network, French-language MétéoMédia, and El Tiempo, based in Spain. The hack even impacted the ability of newspapers like The Globe and Mail to publish weather forecasts for several days.³
And U.S. and Japanese authorities cautioned about state-sponsored hackers linked to China manipulating router software to target government, technology, telecommunications, and defence in various nations. The group, known as BlackTech, infiltrates international subsidiaries’ networks to gain undetected access to U.S. and Japanese company headquarters. BlackTech employs various techniques to remain hidden, including utilizing legitimate tools within the victim’s environment (known as “living off the land”).⁴
Company Specific Updates
CrowdStrike Holdings, Inc
CrowdStrike has unveiled the AWS & CrowdStrike Cybersecurity Startup Accelerator to nurture disruptive cybersecurity startups across Europe, the Middle East, and Africa (EMEA). This accelerator program seeks to empower the next generation of cybersecurity innovators in these regions.
Selected startups will benefit from a tailored support system, including mentorship, technical guidance, and valuable partnership prospects. These resources will be made available through the AWS Startup Loft Accelerator program.
Moreover, promising early-stage cybersecurity ventures stand to gain financial backing from the CrowdStrike Falcon Fund, an influential cross-stage investment fund in the cybersecurity domain. Its overarching objective is cultivating a network of future security leaders united by a shared mission and allowing CrowdStrike clients to harness cutting-edge third-party capabilities.⁵
Netcompany Group A/S
Netcompany has initiated a strategic partnership by acquiring a 20% stake in Festina Finance, a prominent FinTech company based in Denmark. Festina Finance specializes in cutting-edge software solutions for the Life and Pension industry, primarily serving clients in Denmark and the Netherlands. This partnership will expand Festina Finance’s market reach and significantly enhance Netcompany’s offerings within the financial technology space.
Festina Finance’s advanced software is widely used for advisory purposes by over 20 member banks in Denmark and several building societies in the U.K. With this investment, Netcompany aims to broaden its expertise in the financial services industry, including insurance, life pension, and banking, aligning with its strategic goals for increased presence in this sector. Additionally, Netcompany’s expertise in cybersecurity will bolster customer confidence in Festina Finance’s large-scale IT projects.⁶
CYBR ETF: Diversified Investing in Cybersecurity
A cybersecurity ETF offers a great alternative for gaining exposure to this industry without being locked into any single security, and without the hassle of hand-picking individual stocks. ETFs allow you to diversify by investing in multiple companies in multiple markets, ensuring that a single market shock won’t tank your portfolio.
Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR), invests in global companies involved in the cyber security industry. For more information, visit the fund page here: https://evolveetfs.com/cybr/.
Portfolio Strategy and Activity
For the month, Darktrace PLC made the largest contribution to the Fund, followed by CrowdStrike Holdings, Inc and Netcompany Group A/S. The largest detractors to performance for the month were Trend Micro Inc, followed by BlackBerry Ltd and NEXTDC Ltd.
1. Murphy, M., “FBI Dismantles a Malware System That Took Millions in Ransom,” Bloomberg, August 29, 2023; https://www.bloomberg.com/news/articles/2023-08-29/fbi-dismantles-a-malware-system-that-took-millions-in-ransom
2. “Poland investigates cyber-attack on rail network,” BBC News, August 26, 2023; https://www.bbc.com/news/world-europe-66630260
3. Durrani, T., “Russian ransomware LockBit threatens to leak internal data from The Weather Network on dark web,” The Globe and Mail, September 22, 2023; https://www.theglobeandmail.com/business/article-russia-ransomware-weather-network/
4. Tarabay, J. & Manson, K., “US, Japan Warn of China-Linked Hackers Hiding in Router Software,” Bloomberg, September 27, 2023; https://www.bloomberg.com/news/articles/2023-09-27/us-japan-warn-of-china-linked-hackers-hiding-in-router-software
5. “CrowdStrike Launches Startup Accelerator with AWS to Support Next Generation of Cloud-Native Cybersecurity Companies,” Yahoo Finance, September 27, 2023; https://finance.yahoo.com/news/crowdstrike-launches-startup-accelerator-aws-130000502.html
6. “Netcompany acquires a 20% stake in leading FinTech company to form a strategic partnership,” Netcompany, September 7, 2023; https://netcompany.com/netcompany-acquires-stake-in-leading-fintech-company/