‘World-class’ cyber-detective Cynet raises $7 million
After unveiling 2 major breaches in products used by millions, the Israeli cyber-security firm attracts a major US investment
Israeli cyber-security firm Cynet, which in recent weeks uncovered and publicized not two major security flaws in products used by millions of people, has gotten the attention not just of cellphone and router manufacturers but of investors as well. On Wednesday, the company announced that it had received a $7 million investment from Lazarus, a US-based hedge fund.
Two weeks ago, a team led by researchers Liran Segal and Shachar Korot of Cynet announced that it had discovered a hardware breach in LG G3 devices. Called the SNAP vulnerability, the breach allows hackers to use a flaw in the device’s built-in to inject unauthenticated malicious code into apps. Because the vulnerability is in the built-in Smart Notice application, any app that uses it – and almost every app that gets messages does – is a potential vehicle for hackers to use to reach an individual’s device, stealing data, sending revealing photos stored on the device to social media, and grabbing saved credit card information and other sensitive data, said Idan Cohen, CTO of BugSec, an affiliate of Cynet.
The vulnerability allows hackers to use a JavaScript routine to run server-side code, allowing them to extend the reach of code to take control of a device. In a blog post, the researchers detail and demonstrate how they were able to grab phone numbers and ID information out of a phone’s memory, access a phishing site with a device’s browser to download malware, and even run a denial of service hack attack against a website directly from the device, without its owner even being aware of what was going on.
“The malicious code could be delivered by apps that utilize messaging services,” said Cohen.
Before that, a team led by Stas Volfus, head of Offensive Security at Cynet, discovered a major security flaw in next-generation firewalls, which examine application communications instead of port access to determine whether or not a hacker is trying to break through. In that case, as well, a JavaScript flaw allowed hackers to waltz through the firewall’s protective shield and take control of computers and servers.
“This vulnerability could potentially be a big risk for organizations,” said Stas Volfus. “It’s built into all next generation firewalls, and if we were able to exploit it, hackers will be able to do so as well.”
“What this means is that malware can be gotten through to a server in the form of a legitimate looking application, and send what appear to be perfectly kosher messages to a C&C server. Many of these firewalls inspect the application layer and then attach a predesigned policy.”
All a hacker has to do is hide their malware payload in innocent-looking application traffic and they’re in, he added.
In both cases, Cynet informed the manufacturers – LG and the firewall makers – of the flaws, so they could take preemptive action and repair the flaws before they were announced to the public.
It was those two “world-class” revelations that gave Cynet cachet among investors, bringing it the attention of venture capital firms outside of Israel, said Brian Abrams, partner at Lazarus. “The strength of this company’s team, technology, and traction make it the rarest of start-ups. They’ve done it all before and this time they’re looking to eclipse their previous success by an order of magnitude.”
Cynet was founded in 2015 by Eyal Gruner, Idan Amir, and Boaz Zilber, recognized leaders in Israel’s flourishing cybersecurity industry. Since its launch last year, Cynet has already experienced rapid growth with a global client base that includes dozens of large-scale enterprises in finance, healthcare, government, retail, and industrial sectors among others.
“We believe Cynet could be the next cybersecurity giant to come out of Israel,” said Abrams. “With their comprehensive solution and rapid proof-of-concept deployments, Cynet is going head-to-head with the biggest cybersecurity companies out there and winning.”
With the new funding, Cynet said, it will be able to continue developing its threat detection and response technology, while expanding its worldwide presence. The company also has the option to take additional funding from Lazarus if it chooses to do so.