Firewall Friday

Weekly Cyber Security Activity — October 28th, 2018

Jim Rabuck
4 min read · Oct 29, 2018

As tradition goes, Israel has been active with two companies receiving Series C (WireWheel & Arctic Wolf) funding rounds and a recent acquisition. All I will say is the Dome9 founders will be pleased with their $175M acquisition.

Enjoy!

Cybersecurity Financing Activity

  • Arctic Wolf, a cloud-based security operations center that helps companies detect potential threats within their information technology systems, raised a $45M Series C round led by Future Fund. Arctic Wolf has raised $91.2M so far from Adams Street, Unusual Ventures, Lightspeed Venture Partners, Redpoint Ventures, Sonae Investment Management, and Knollwood Investment Advisory LLC.
  • Area 1 Security, which provides Pay-Per-Phish, a performance-based solution which charges $10 per phish actually caught, raised a $32M Series C led by Kleiner Perkins with participation from Icon Ventures, DCVC, Top Tier Capital, Allegis Cyber and Epic Ventures. Area 1 has secured $57.5M in funding so far since May 2014.
  • WireWheel, a cloud-based data privacy and protection platform, raised a $10M Series A round led by New Enterprise Associates (NEA) and PSP Growth. WireWheel has raised $13.1M in funding so far from Sands Capital, Revolution’s Rise Seed Fund, and Grotech Ventures.
  • Wallarm, an AI-powered application-security platform whose modules include an adaptive WAF, a vulnerability scanner, incident verification and dev-time testing, raised an $8.0M Series A round led by Toba Capital, with participation from Y Combinator, Partech, and Gagarin Capital. Wallarm has raised $10.8M in funding so far.

Cybersecurity M&A Activity

  • Dome9, a cloud firewall management service that delivers automation tools against “zero-day” vulnerabilities for customers with multi-cloud deployments, was acquired by Check Point Software Technologies for $175M.
  • Versive, which uses machine learning to help detect and respond to highly specific threats, was acquired by eSentire for an undisclosed amount. CEO Joseph Polverari will not be joining the company, while CTO Dustin Hillard will become the eSentire CTO as part of the deal.
  • ZoneFox, a Scottish-founded company which protects companies’ sensitive data and IP from bad actors within the organization as well as from accidental leaks, was acquired by Fortinet for an undisclosed amount. The ZoneFox team, which has raised $4.8M in funds, will be joining Fortinet via the acquisition.
  • Sygnia, which is a high-end cybersecurity consulting and services company, was acquired by Temasek for $250M. Sygnia came out of stealth mode less than a year ago after being incubated by Team8, the investor/company builder in Israel.

Other Relevant Cyber News

  • Check Point security researchers have spotted a new version of the AZORult downloader and infostealer, distributed through the RIG exploit kit, among other methods. This version uses a renewed encryption method for the embedded C&C domain string and an improved cryptocurrency wallet stealer. Check Point SandBlast protects against this threat; read more here.
  • Between 2017 and 2018, cryptocurrency exchanges have suffered a total loss of $882 million due to targeted attacks, five of which have been attributed to the North Korean state-sponsored Lazarus group.
  • Security researchers have published a deep analysis reviewing the tools and operations of the Russia-linked cyberespionage group ‘DustSquad’, which focuses on Central Asian targets and diplomatic entities. The research has revealed a new sample of the malware targeting Windows systems, disguised as a Russian version of Telegram.

Top Attacks and Breaches

  • A new APT group dubbed “GreyEnergy” has been spotted and is considered a successor to the infamous BlackEnergy APT group. GreyEnergy uses its own malware framework to conduct cyber espionage operations in Ukraine and Poland, focusing mainly on critical infrastructure. The malware’s modules include a backdoor, file extraction, screenshot capture, keylogging, and password and credential stealing. Technologies that address this threat: here and here.
  • Over 35 million records of US voters have been found for sale on the Dark Web. The seller provided records belonging to voters in 19 states, and claimed to have persistent access to voters’ records. The stolen records include personally identifiable information and the voting history of US residents.
  • The Onslow Water and Sewer Authority (ONWASA) has been targeted in a ransomware attack, significantly disrupting its ability to provide services in the week after a hurricane hit the east coast of the U.S. The unknown threat actors used the Emotet Trojan to deploy the Ryuk ransomware. Technologies that address this threat: here and here.
  • A threat actor managed to hack into the mobile application for Argenta vending machines, which allows users to connect to the machines and pay. The threat actor gained access to the app’s database containing the ‘UserWallets’ table and changed the values so that his credit balance read EUR 999.
  • The authors of the infamous GandCrab ransomware have released the decryption keys for all Syrian victims on an underground cybercrime forum. The release came in response to a tweet in which a Syrian victim asked for help after photos of his deceased children were encrypted.

Vulnerabilities and Patches

  • A security researcher has discovered a new passcode bypass that could be exploited on all current iPhone models, including the recently released iOS 12.0.1 version. The bypass may allow attackers with physical access to access photos and contacts on a locked iPhone.
  • A critical code execution vulnerability has been discovered in the ‘LIVE555’ Streaming Media library used by popular media players including VLC and MPlayer, exposing millions of users to cyber-attacks.
  • A zero-day vulnerability has been spotted affecting thousands of applications which use older versions of the jQuery File Upload plugin. The vulnerability may allow attackers to upload arbitrary files to web servers, including command shells used to execute commands.
  • A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as libssh. The vulnerability may allow anyone to bypass authentication and gain administrative control over a vulnerable server without requiring a password.
  • Tumblr has released a security patch addressing a flaw in the “Recommended Blogs” feature of its desktop version that could allow attackers to steal login credentials and sensitive user account information, including email addresses, hashed passwords, IP addresses, and more.
  • Three critical vulnerabilities have been discovered affecting 8 models of D-Link routers. Chaining them together could allow attackers to gain full control over the affected devices.
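The jQuery File Upload item above describes the arbitrary-upload class of bug: the server stores whatever the client sends, so a server-side script lands somewhere the web server will execute it. The following is an added, defender-side example (not code from the original post, and not the jQuery File Upload project's own handler) of the application-level validation that closes that class of issue regardless of web-server configuration. The allow-list, the size limit, the `validate_upload`/`store_upload`/`run_checks` names and the sample byte strings are all assumptions constructed for the example.

```python
import os
import secrets
from pathlib import Path

# Hypothetical application policy (assumption): only these types are ever accepted.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}

# Leading bytes each allowed type must start with. The claimed extension and the
# actual content have to agree, so a file named ".png" but full of script is refused.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}

# Extensions that should never reach disk under any name, even as a middle part
# of a double extension such as "shell.php.png".
SERVER_EXECUTABLE = {
    "php", "php3", "php4", "php5", "phtml", "phar", "jsp", "asp", "aspx",
    "cgi", "pl", "py", "sh", "htaccess",
}

MAX_BYTES = 5 * 1024 * 1024  # 5 MiB, an assumed limit


class UploadRejected(ValueError):
    """Raised with a short reason when an upload fails a check."""


def validate_upload(filename: str, data: bytes) -> str:
    """Check an upload and return its allow-listed extension, or raise UploadRejected."""
    if not data:
        raise UploadRejected("empty file")
    if len(data) > MAX_BYTES:
        raise UploadRejected("too large")

    # Keep only the final path component so a client-supplied "../../x.png"
    # cannot steer where the file is written.
    base = os.path.basename(filename.replace("\\", "/")).lower()
    parts = base.split(".")
    if len(parts) < 2 or not parts[-1]:
        raise UploadRejected("missing extension")
    # parts[1:] covers the real extension and every intermediate one.
    if SERVER_EXECUTABLE.intersection(parts[1:]):
        raise UploadRejected("executable extension present")
    ext = parts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: {ext}")
    if not any(data.startswith(m) for m in MAGIC[ext]):
        raise UploadRejected("content does not match extension")
    return ext


def store_upload(filename: str, data: bytes, upload_root: Path) -> Path:
    """Write a validated upload under a random server-chosen name.

    upload_root is assumed to be a directory outside the web root, so nothing
    stored here is ever served or interpreted directly by the web server.
    """
    ext = validate_upload(filename, data)
    dest = upload_root / f"{secrets.token_hex(16)}.{ext}"
    dest.write_bytes(data)
    return dest


# Constructed sample inputs (not real captures).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
PHP_SAMPLE = b"<?php echo 'constructed test payload'; ?>"


def run_checks() -> dict:
    """Run the validator over constructed uploads; returns {filename: outcome}."""
    cases = {
        "photo.png": PNG_SAMPLE,                 # legitimate image
        "shell.php": PHP_SAMPLE,                 # server-side script
        "shell.php.png": PNG_SAMPLE,             # double extension, valid image bytes
        "fake.png": PHP_SAMPLE,                  # image extension, script content
        "../../../webroot/evil.png": PNG_SAMPLE, # traversal in the client name is dropped
        ".htaccess": b"# constructed config text\n",
    }
    results = {}
    for name, data in cases.items():
        try:
            results[name] = "accepted:" + validate_upload(name, data)
        except UploadRejected as exc:
            results[name] = "rejected:" + str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print(f"{name:30} {outcome}")
```

The design point is that none of the checks depend on the web server: the extension allow-list, the magic-byte comparison, the rejection of executable extensions anywhere in the name, the discarded client path and the random storage name outside the web root each hold on their own, so a change in server configuration cannot silently turn an upload directory into an execution point.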


Jim Rabuck

Department of Defense Innovation | Army Ranger | BBQ and Backcountry