Seculert

Last updated
Seculert
Company type Private company
Industry IT Security
Founded2010
Headquarters Petah Tikva, Israel
Key people
Dudi Matot - Co-founder and CEO
Aviv Raff - Co-founder and CTO
Alex Milstein - Co-founder and COO
Owner Radware
Website http://www.seculert.com

Seculert was a cloud-based cyber security technology company based in Petah Tikva, Israel. The company's technology was designed to detect breaches and advanced persistent threats (APTs), attacking networks. Seculert's business was based on malware research and the ability to uncover malware that has gone undetected by other traditional measures. [1]

Contents

In 2012, the company was named one of the hottest new security start-ups by The New York Times [2] and a finalist in the SC Magazine awards for Rookie Security Company of the Year. [3]

History

Seculert was founded in 2010 by former RSA FraudAction Research Lab Manager Aviv Raff, former SanDisk Product Marketing Manager Dudi Matot and former Finjan VP of Operations Alex Milstein.

In 2011, the company launched their first offering, Seculert Echo. [4] Their Seculert Sense, traffic log analysis, was released in October 2012.

At the RSA Conference in February 2013 Seculert unveiled the beta version of Seculert Swamp, a malware analysis sandbox.

In July 2012, the company announced $5.35M in venture funding from YL Ventures and Norwest Venture Partners. [5] In July 2013, Seculert announced that they raised an additional $10 million in Series B funding from Sequoia Capital Archived 2013-08-17 at the Wayback Machine . [6]

On January 31, 2017, Seculert was acquired by Radware, a company based out of Mahwah, New Jersey. [7]

Notable alerts

In January 2012, Seculert discovered that Ramnit started targeting Facebook accounts with considerable success, stealing over 45,000 Facebook login credentials worldwide, mostly from people in the UK and France. [8] [9] [10]

In March 2012, Seculert reported that Kelihos botnet, which was distributed as a Facebook worm, was still active and spreading. [11] [12] [13]

In July 2012, Seculert, in conjunction with Kaspersky Lab, uncovered an ongoing cyber espionage campaign targeting Iran and other Middle Eastern countries dubbed Mahdi (malware). [14] [15] [16] [17]

In August 2012, Seculert, Kaspersky Lab and Symantec revealed the discovery of Shamoon, [18] a sophisticated malware that attacked Qatar's natural gas firm, Rasgas and the Saudi Arabian Oil Company, ARAMCO. [19] [20] [21]

In December 2012, Seculert uncovered Dexter, a new malware that steals payment card data from point-of-sale terminals used by stores, hotels, and other businesses. Most of the victim businesses were English-speaking, with 42 percent based in North America, and 19 percent in the U.K. Dexter infected systems running a variety of different versions of Windows, including XP, Home Server, Server 2003, and Windows 7. [22] [23] [24] [25]

In January 2013, Kaspersky Labs (KL) revealed a cyber espionage operation dubbed Red October. The next day, Seculert identified a special folder used by the attackers for an additional attack vector. [26] In this vector, the attackers sent an email with an embedded link to a specially crafted PHP web page. This webpage exploited a vulnerability in Java, and in the background downloaded and executed the malware automatically. [27] [28]

In January 2014, the Seculert Research Lab identified a new targeted attack that used Xtreme RAT. This attack used spear phishing emails to target Israeli organizations and deploy the piece of advanced malware. To date, 15 machines have been compromised including ones belonging to the Israeli Civil Administration. [29] [30] [31] [32] [33] [34] [35]

In April 2014, the Dyre Wolf malware campaign made headlines as a banking trojan that bypassed 2 factor authentication in order to steal over $1 million from corporate bank accounts. [36]

Awards

Automated breach detection product

Several detection and protection technologies are combined in a cloud-based solution that works to identify new cyber threats.

Automated Traffic Log Analysis is a cloud-based analysis engine that leverages HTTP/S gateway traffic logs collected over time, analyzing petabytes of data to identify malware activity. It automatically identifies unknown malware by detecting malicious patterns and anomalies. Seculert Traffic Log Analysis pinpoints evidence of targeted attacks. [38] [39]

Elastic Sandbox is an elastic, cloud-based automated malware analysis environment. The Seculert Elastic sandbox includes automatic analysis and classification of suspicious files over time. It analyzes potentially malicious files on different platforms and can simulate different geographic regions. The Seculert Elastic Sandbox generates malware behavioral profiles by crunching over 40,000 malware samples on a daily basis and by leveraging data from its crowdsourced threat repository. [40]

Related Research Articles

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.

<span class="mw-page-title-main">Radware</span>

Radware Ltd. is an American provider of cybersecurity and application delivery products for physical, cloud and software-defined data centers. Radware's corporate headquarters are located in Mahwah, New Jersey. The company also has offices in Europe, Africa and Asia Pacific regions. The company's global headquarters is in Israel. Radware is a member of the Rad Group of companies and its shares are traded on NASDAQ.

<span class="mw-page-title-main">VirusTotal</span> Cybersecurity website owned by Chronicle

VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google in September 2012. The company's ownership switched in January 2018 to Chronicle, a subsidiary of Google.

Koobface is a network worm that attacks Microsoft Windows, Mac OS X, and Linux platforms. This worm originally targeted users of networking websites such as Facebook, Skype, Yahoo Messenger, and email websites such as GMail, Yahoo Mail, and AOL Mail. It also targets other networking websites, such as MySpace, Twitter, and it can infect other devices on the same local network. Technical support scammers also fraudulently claim to their intended victims that they have a Koobface infection on their computer by using fake popups and using built-in Windows programs.

Trellix is a privately held cybersecurity company that was founded in 2022. It has been involved in the detection and prevention of major cybersecurity attacks. It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks.

<span class="mw-page-title-main">Kaspersky Lab</span> Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

Alureon is a trojan and rootkit created to steal data by intercepting a system's network traffic and searching for banking usernames and passwords, credit card data, PayPal information, social security numbers, and other sensitive user data. Following a series of customer complaints, Microsoft determined that Alureon caused a wave of BSoDs on some 32-bit Microsoft Windows systems. The update, MS10-015, triggered these crashes by breaking assumptions made by the malware author(s).

Avalanche was a criminal syndicate involved in phishing attacks, online bank fraud, and ransomware. The name also refers to the network of owned, rented, and compromised systems used to carry out that activity. Avalanche only infected computers running the Microsoft Windows operating system.

Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, multiple independent news organizations recognize Stuxnet to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.

Duqu is a collection of computer malware discovered on 1 September 2011, thought by Kaspersky Labs to be related to the Stuxnet worm and to have been created by Unit 8200. Duqu has exploited Microsoft Windows's zero-day vulnerability. The Laboratory of Cryptography and System Security of the Budapest University of Technology and Economics in Hungary discovered the threat, analysed the malware, and wrote a 60-page report naming the threat Duqu. Duqu got its name from the prefix "~DQ" it gives to the names of files it creates.

Flame, also known as Flamer, sKyWIper, and Skywiper, is modular computer malware discovered in 2012 that attacks computers running the Microsoft Windows operating system. The program is used for targeted cyber espionage in Middle Eastern countries.

Mahdi is computer malware that was initially discovered in February 2012 and was reported in July of that year. According to Kaspersky Lab and Seculert, the software has been used for targeted cyber espionage since December 2011, infecting at least 800 computers in Iran and other Middle Eastern countries. Mahdi is named after files used in the malware and refers to the Muslim figure.

Shamoon, also known as W32.DistTrack, is a modular computer virus that was discovered in 2012, targeting then-recent 32-bit NT kernel versions of Microsoft Windows. The virus was notable due to the destructive nature of the attack and the cost of recovery. Shamoon can spread from an infected machine to other computers on the network. Once a system is infected, the virus continues to compile a list of files from specific locations on the system, upload them to the attacker, and erase them. Finally the virus overwrites the master boot record of the infected computer, making it unusable.

Trustwave is an American cybersecurity subsidiary of The Chertoff Group. It focuses on providing managed detection and response (MDR), managed security services (MSS), database security, and email security to organizations around the globe.

In computer security, a wiper is a class of malware intended to erase the hard drive or other static memory of the computer it infects, maliciously deleting data and programs.

Dexter is a computer virus or point of sale (PoS) malware which infects computers running Microsoft Windows and was discovered by IT security firm Seculert, in December 2012. It infects PoS systems worldwide and steals sensitive information such as credit and debit card information.

Regin is a sophisticated malware and hacking toolkit used by United States' National Security Agency (NSA) and its British counterpart, the Government Communications Headquarters (GCHQ). It was first publicly revealed by Kaspersky Lab, Symantec, and The Intercept in November 2014. The malware targets specific users of Microsoft Windows-based computers and has been linked to the US intelligence-gathering agency NSA and its British counterpart, the GCHQ. The Intercept provided samples of Regin for download, including malware discovered at a Belgian telecommunications provider, Belgacom. Kaspersky Lab says it first became aware of Regin in spring 2012, but some of the earliest samples date from 2003. Among computers infected worldwide by Regin, 28 percent were in Russia, 24 percent in Saudi Arabia, 9 percent each in Mexico and Ireland, and 5 percent in each of India, Afghanistan, Iran, Belgium, Austria, and Pakistan.

Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them since 2010. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

Code Shikara is a computer worm, related to the Dorkbot family, that attacks through social engineering.

References

  1. "Seculert" . Retrieved 22 January 2013.
  2. Perlroth, Nicole (2012-12-31). "Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt". The New York Times . Retrieved 2013-01-22.
  3. "2013 SC Magazine US Awards Finalists". SC Magazine. 2012-11-29. Retrieved 2013-01-22.
  4. Wauters, Robin (2010-10-06). "Seculert Secures Funding For Cloud-Based Threat Detection Software". TechCrunch . Retrieved 2013-01-22.
  5. Williams, Alex (2012-07-10). "Seculert Gets $5.35 Million Investment For Cloud-Based Botnet Detection Service". TechCrunch . Retrieved 2013-01-22.
  6. "Israeli cyber security firm Seculert raises $10 mln in funding". Reuters. 2013-07-08.
  7. "Radware Acquires Seculert to Enhance Data Center Security". Radware. 2017-01-31. Retrieved 2018-01-17.
  8. Smith, Catharine (2012-01-05). "Facebook Ramnit Worm Swipes 45,000 Usernames, Passwords". Huffington Post . Retrieved 2013-01-22.
  9. Masters, Greg (2012-01-05). "New Ramnit variant steals Facebook logins". SC Magazine . Retrieved 2013-01-22.
  10. Leyden, John (2012-01-05). "Dammit Ramnit! Worm slurps 45,000 Facebook passwords". The Register . Retrieved 2013-01-22.
  11. Leyden, John (2012-03-29). "Kelihos zombies erupt from mass graves after botnet massacre". The Register . Retrieved 2013-01-22.
  12. Colon, Marcos (2012-03-29). "Kelihos lives on thanks to Facebook trojan". SC Magazine . Retrieved 2013-01-22.
  13. Constantin, Lucian (2012-03-30). "Kelihos gang building a new botnet, researchers say". TechWorld. Archived from the original on 2012-05-14. Retrieved 2013-01-22.
  14. "Mahdi - The Cyberwar Savior?". Seculert. 2012-07-17. Archived from the original on 2012-07-19. Retrieved 2013-01-22.
  15. Finkle, Jim (2012-07-17). "Another cyber espionage campaign found targeting Iran". Reuters . Retrieved 2013-01-22.
  16. Zetter, Kim (2012-07-17). "Mahdi, the Messiah, Found Infecting Systems in Iran, Israel". Wired . Retrieved 2013-01-22.
  17. Brumfield, Ben (2012-07-19). "Cyberspy program targets victims in Iran, Israel, companies say". CNN. Archived from the original on July 21, 2012. Retrieved 2013-01-22.
  18. "Shamoon, a two-stage targeted attack". Seculert. 2012-08-16. Archived from the original on 2012-08-19. Retrieved 2013-01-22.
  19. Weitzenkorn, Ben (2012-08-23). "Shamoon Worm Linked to Saudi Oil Company Attack". NBC News. Archived from the original on March 6, 2016. Retrieved 2013-01-22.
  20. Zetter, Kim (2012-08-30). "Qatari Gas Company Hit With Virus in Wave of Attacks on Energy Companies". Wired . Retrieved 2013-01-22.
  21. Schreck, Adam (2012-09-05). "Virus origin in Gulf computer attacks questioned". Associated Press . Retrieved 2013-01-22.
  22. Goodin, Dan (2012-12-11). "Dexter" malware steals credit card data from point-of-sale terminals". Ars Technica . Retrieved 2013-01-22.
  23. Higgins, Kelly (2012-12-11). "'Dexter' Directly Attacks Point-of-Sale Systems". Dark Reading. Archived from the original on 2013-01-14. Retrieved 2013-01-22.
  24. McAllister, Neil (2012-12-14). "Dexter malware targets point of sale systems worldwide". The Register . Retrieved 2013-01-22.
  25. Armerding, Taylor (2012-12-19). "Dexter malware's source still unknown, connection to Zeus disputed". CSO Magazine . Retrieved 2013-01-22.
  26. ""Operation Red October" - The Java Angle". Seculert. 2013-01-15. Archived from the original on 2013-01-17. Retrieved 2013-01-22.
  27. Goodin, Dan (2013-01-15). "Red October relied on Java exploit to infect PCs". Ars Technica . Retrieved 2013-01-22.
  28. McAllister, Neil (2013-01-16). "Surprised? Old Java exploit helped spread Red October spyware". The Register . Retrieved 2013-01-22.
  29. "Israeli defence computer hacked via tainted email -cyber firm". Reuters. 2014-01-26.
  30. לוי, רויטרס ואליאור (26 January 2014). ""האקרים השתלטו על מחשבים ביטחוניים"". Ynet (in Hebrew).
  31. "Hackers break into Israeli defence computers, says security company". The Guardian. Archived from the original on 6 March 2014. Retrieved 14 October 2021.
  32. "Israel defence computers hit by hack attack". BBC News. 2014-01-27.
  33. "Israeli Defense Computer Hit in Cyber Attack: Data Expert | SecurityWeek.Com". www.securityweek.com. Retrieved 14 October 2021.
  34. "Israel to Ease Cyber-Security Export Curbs, Premier Says". Bloomberg.
  35. Halpern, Micah D. "Cyber Break-in @ IDF". Huffington Post.
  36. Vaughan-Nichols, Steven J. "Dyre Wolf malware huffs and puffs at your corporate bank account door". ZDNet. Retrieved 2021-02-23.
  37. "2013 Red Herring Europe Finalists". Redherring.com. Retrieved 14 October 2021.
  38. Higgins, Kelly (2012-11-07). "Hunting Botnets In The Cloud". Dark Reading. Archived from the original on 2013-01-14. Retrieved 2013-01-22.
  39. Nusca, Andrew (2012-12-05). "Training big data's eye on cybersecurity threats". ZDNet . Retrieved 2013-01-22.
  40. "Seculert Adds 'Elastic Sandbox' to Simulate Malware Over Time, Geographic Locations | SecurityWeek.Com". www.securityweek.com. Retrieved 14 October 2021.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.