Israeli ‘malware prophet’ CyActive snags Siemens funding

Somewhere a start-up is working on full-blown crystal ball technology that will be able to accurately predict the future. Until then, the world is going to have to be satisfied with advance warning of malware attacks by CyActive, the Israeli-developed cyber-security system that can prophesy the creation of new viruses and malware — what they are going to look like, what they might do, and most important — how to defend against them.

Predicting the creation of new malware before it happens is prophetic enough, as far as international tech giant Siemens is concerned. On Thursday, CyActive announced that it had received a substantial strategic investment from the Venture Capital Unit of Siemens (SFS VC). CyActive CEO Liran Tancman said the funds would be going into research and development as well as marketing, as CyActive seeks to spread its predictive cyber-security technology around the world.

The funding for CyActive marks the first investment of Siemens’ “Industry of the Future Fund” in Israel. The Venture Capital Unit of Siemens joins Jerusalem Venture Partners (JVP), a top 10 global venture capital fund, in investing in CyActive.

Tancman is not a descendant of the biblical prophets, as far as he knows, but then again, CyActive’s prophetic ability is built not on heavenly spirits, but on big data analysis — and biology. In today’s busy world, even hackers don’t have time to bake malware from scratch. Instead, they take existing malware, make adjustments to it, and send it off on its damaging mission. In fact, said Tancman, the malware die was cast long ago. “Much of the code found in even major attacks is reused over and over again in new attacks. There has actually never been a virus that did not draw substantially on malware that was already in existence.”

Malware are popularly called viruses — and they actually act like germs, developing new defenses and adjusting themselves to new environments and situations. In the same way that an antibiotic can recognize core biological agents and attack them, CyActive’s technology can recognize the germs of code common to most types of malware. Using predictive technology, the CyActive system can extrapolate the permutations of what a virus will look like in the future — enabling organizations to prepare for the next attack before it happens, and even before the malware that is going to be used in the attack has been created.

CyActive’s smart algorithms explore and analyze malware to see where it came from, and where it is going. “You can see very clearly what the ‘kill chain of exploitation’ is, the methods hackers are using now and the variants they are likely to use,” said Tancman. “Even the major attacks of recent years, like Flame, Stuxnet, and others, use a similar core.” For hackers, there really is no alternative. They don’t have the time, resources, or even skills to build a whole new exploitation kill chain that will attack systems from other angles.

Two high-profile hack attacks in the US followed the pattern, said Tancman. A CyActive analysis shows that hackers who hit US chain Target last December used malware called BlackPoS, compromising the credit card information of millions of customers. They got away with it, and the company’s tank stocked. Even now, nearly a year later, Target is trying to overcome the bad PR the attack generated.

Target wasn’t the only target of BlackPoS hackers. A variant of the same malware was used in a second, more recent attack, on home renovation giant Home Depot. Although it was dispatched in a shiny new package, CyActive recognized that the core of both viruses was similar. “Had we seen the Target malware in December, we could have predicted the creation of the Best Buy variant, and perhaps have helped prevent that attack,” said Tancman.

Ralf Schnell, CEO of the Venture Capital Unit of Siemens, doesn’t need any more convincing. He is pretty sure CyaActive’s ability to predict future malware is going to be valuable in the business world. “CyActive’s technology is extremely sophisticated yet lightweight, an imperative for many of our customers,” said Schnell. “We see broad potential across major industries and are particularly excited by its approach to securing industrial and utilities assets. CyActive’s founders are leaders in the field, and the company’s unprecedented predictive cyber security technology turns the economic equation in favor of the defender.”