Q4 2021 Cyber Security Update Cyber Security News - Nasdaq

January 2022

Q4 2021 Cyber Security Update

Cyber Security News

? Log4j Security Flaw o In early December, it was reported that that there was a massive flaw in Log4j, a Javalogging library that is distributed free as open-source software by the nonprofit Apache Software Foundation. According to The Wall Street Journal, Log4j "has been downloaded millions of times and is among the most widely used tools to collect information across corporate computer networks, websites and applications."i o According to Cloudflare, Inc. (NYSE: NET), a leading global cloud services provider, the vulnerability was most likely first exploited December 1st and that it took nine days until it was publicly disclosed.ii o What's at stake? The vulnerability is such that attackers can access a computer or system remotely, and take control, steal data, install malware, or use the resources of the computer to mine for cryptocurrency. o ZDNet said it best, basically "any device that's exposed to the internet is at risk if it's running Apache Log4J."iii o The Wall Street Journal reported, "U.S. officials said hundreds of millions of devices were at risk and issued an emergency directive ordering federal agencies to take steps to mitigate the threat by Christmas Eve."iv

? In December 2021, The Israel Finance Ministry hosted a financial cyberattack war game with nine other countries, the World Bank, and the IMF. According to Reuters, "the simulation -likely caused by what officials called "sophisticated" players -- featured several types of attacks that impacted global foreign exchange and bond markets, liquidity, integrity of data and transactions between importers and exporters."v The exercise was called, "Collective Strength," and included participants from Israel, the United States, the United Kingdom, United Arab Emirates, Austria, Switzerland, Germany, Italy, the Netherlands and Thailand, as well as representatives from the International Monetary Fund, World Bank and Bank of International Settlements.vi

? President Biden and his administration continue to push for more cooperation between the

public and private sectors as it relates to cyber security and defending US businesses, interests, and citizens from cyber-attacks. In December 2021, key government cyber security officials, such as the director of the Cybersecurity and Infrastructure Security Agency and the National Cyber Director, met with thirteen technology and security firms, to strengthen the relationships between the government and the industry.vii

? The US government has offered a $10 million reward for information leading to the leaders or

members of the DarkSide cybergang. The cybergang was responsible for the Colonial Pipeline ransomware attack in May 2021. In addition, the government is willing to offer a reward of $5 million for information leading to the arrest and/ or conviction in any country of any individual who participates or attempt to participate in a DarkSide variant ransomware attack.viii

Notable Attacks & Breaches

January 2022

? In October, Coinbase, a leading cryptocurrency exchange, was breached, as unauthorized access

took place across nearly 6,000 accounts and some accounts even had funds stolen.ix ? The online trading platform, Robinhood, disclosed a data breach in November of nearly five

million customers. Personal data, such as email address, names, and date of birth, were accessed by an unauthorized party.x

? Natural gas supplier, Super Plus, was a victim of a ransomware attack in mid-December 2021

that caused a disruption to their systems. According to CPO Magazine, "Superior Plus is a multibillion-dollar company supplying energy-related products and services to over 780,000 customer locations in the United States and Canada."xi

? MediaMarkkt, one of Europe's largest electronics retailers, was a victim of a ransomware attack

in November 2021. The hackers initially demanded a ransom payment of $240 million but then reduced the ransom to $50 with payment in bitcoin. MediaMarkkt's servers were encrypted, causing the company to shut down its computer systems. xii ? Danish wind turbine giant Vestas Wind Systems detected a cyber security breach on November 19, and immediately shut down its IT systems across multiple business units and locations.xiii The company later confirmed that ransomware was indeed used, and the incident resulted in data getting compromised, but the wind turbine and supply chain operations were unaffected.

? WordPress was the victim of a massive wave of cyber-attacks, as 1.6 million of their sites were

maliciously targeted by a swarm of over 16,000 IPs. xiv

New Products

? On November 2021, Juniper Networks (NYSE: JNPR), a 3.42% weighting in ISE Cyber Security UCITS Index (HUR)? as of December 31, 2021 (weightings highlighted in this report are based on this "as of" date), introduced IoT Assurance service and a new support solution called Juniper Support Insights, which utilizes AI-driven support and includes enhanced elements of security and privacy.xv

? Fortinet (NASDAQ: FTNT), 3.24% weighting in HUR, announced seven new service providers to its Fortinet Secure SD-WAN service portfolios.xvi These new partnerships help to expand their global capabilities.

? On November 16, 2021, Palo Alto Networks (NASDAQ: PANW), a 3.06% weighting in HUR, launched a new offering - Cortex Extended Detection and Response (XDMR) Partner Specialization offering. This new offering will "help customers detect, investigate and respond to cyberthreats across endpoint, network and cloud assets."xvii

? M&A Activity

? On October 8, 2021, FireEye and McAfee Enterprise successfully combined, after Symphony Technology Group (STG), a private equity firm, completed their integration. STG acquired McAfee's Enterprise business back in July 2021 and announced the acquisition of FireEye in June

January 2022 2021. According to the press release detailing the completed acquisitions and integration, "the combined business delivers an integrated security platform designed to protect customers across endpoints, infrastructure, applications, and in the cloud."xviii STG acquired the FireEye business from Mandiant (NASDAQ: MNDT), a 2.60% weighting in HUR, for $1.2 billion. ? Akamai Technologies, Inc. (NASDAQ: AKAM), 2.95% weighting in HUR, completed its acquisition of Guardicore, a Tel Aviv based company, for $600 million. Guardicore's technology stops malicious lateral movement by creating silos between servers, operating systems, applications, and cloud instances. The acquisition bolsters Akamai's portfolio of "Zero Trust solutions to protect enterprises from damage caused by breaches like ransomware, while safeguarding the critical assets at the core of the network."xix ? CrowdStrike Holdings, Inc. (NASDAQ: CRWD), 2.19% weighting in HUR, completed the acquisition of SecureCircle, a "SaaS-based cybersecurity service that extends Zero Trust security to data on, from and to the endpoint."xx The deal was completed November 30, 2021. ? On December 10, 2021, ManTech International Corporation (NASDAQ: MANT), 1.01% weighting in the HUR, completed the acquisition of Gryphon Technologies, an engineering firm specializing in "model-based systems engineering, predictive analytics, data/computational science and cloud engineering solutions that drive mission success for an array of Department of Defense agencies."xxi Gryphon Technologies strengthens ManTech's capabilities in cybersecurity as they provide a "focus on cybersecurity for control systems of all Navy platforms and systems."xxii ? Private equity firm Permira to shell $5.8 billion to acquire Mimecast Limited (NASDAQ: MIME), 1.31% in HUR, the third email security vendor to be acquired this year. The deal is expected to close in the first half of 2022 and Mimecast's shareholders would receive $80 per share in cash, representing a 16% premium over the company's October 27 closing share price. "Mimecast is widely recognized as an established leader and innovator in the email security space with a strong and growing position in the enterprise market."xxiii The deal comes four months after Thoma Bravo (a private equity firm) purchased Mimecast's competitor Proofpoint for $12.3 billion. Both companies have similar technologies but cater to different customer bases.

ISE Cyber Security UCITS IndexTM (HURTM) Update

? The Technology industry was in positive territory in Q4 2021, as the Nasdaq Global Technology Net Total Return IndexTM (NQG10NTM) returned +10.99%. The broader market, as defined by the Nasdaq Global Net Total Return IndexTM (NQGINTM) returned +5.89% during the previous quarter.

? The ISE Cyber Security UCITS Net Total Return IndexTM (HURNTRTM) returned +1.47% in Q4 2021. The index finished 2021 up +8.67%, compared to +18.11% for NQGIN and +28.88% for NQG10N.

? Performance (total return performance in US Dollars ($USD)) leaders in the HUR index in Q4 2021 were Ahnlab, Inc. (KOSDAQ: 053800), Juniper Networks, Inc. (NYSE; JNPR), Mimecast Limited (NASDAQ: MIME), and Radware Ltd. (NASDAQ: RDWR), as they were up 41.56%, 30.59%, 25.11%, and 23.49%, respectively.

? There were several companies that struggled in Q4 2021. Darktrace PLC (LON: DARK) fell 49.73% while Telos Corporation (NASDAQ: TLS) was down -45.74%. Cognyte Software (NASDAQ: CGNT) and Atos SE (EPA: ATO) also struggled, as they fell -28.45% and -20.49%, respectively.

January 2022

Data mentioned in the piece is from Nasdaq Index Research, Bloomberg, and/or FactSet, unless otherwise stated.

Additional Links & Articles of Interest:

? G7 Interior and Security Ministers ? Extraordinary Senior Officials' Forum on Ransomware (December 2021) -

? 14 Cyber Security Predictions for 2022 & Beyond - (Mandiant, December 2021)

? Year of Cybersecurity Crises - (WSJ, December 2021) -

? Statement by CISA Director on Log4j Vulnerability =-(December 2021)

i ii iii iv v vi vii viii ix x xi xii xiii xiv xv xvi xvii xviii xix

January 2022

xx xxi xxii xxiii

Nasdaq? is a registered trademark of Nasdaq, Inc. The information contained above is provided for informational and educational purposes only, and nothing contained herein should be construed as investment advice, either on behalf of a particular security or an overall investment strategy. Neither Nasdaq, Inc. nor any of its affiliates makes any recommendation to buy or sell any security or any representation about the financial condition of any company. Statements regarding Nasdaq-listed companies or Nasdaq proprietary indexes are not guarantees of future performance. Actual results may differ materially from those expressed or implied. Past performance is not indicative of future results. Investors should undertake their own due diligence and carefully evaluate companies before investing. ADVICE FROM A SECURITIES PROFESSIONAL IS STRONGLY ADVISED. ? 2022. Nasdaq, Inc. All Rights Reserved.

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download