SAN FRANCISCO, January 24, 2017 /PRNewswire/ --
Vulnerabilities Reveal Holes in Trusted Anti-Virus Applications for Microsoft Windows OS
Company launches in North America with $2.5 million in seed funding led by Blumberg Capital
Cybellum, the first deterministic zero-day prevention platform based in Tel Aviv, today announced its North American launch to protect companies from zero-day attacks. Zero-day attacks are cyber attacks against software flaws that are unknown and unpatched. The launch comes on the heels of a $2.5 million seed round of funding led by Blumberg Capital, a San Francisco based early-stage venture capital firm. Cybellum will use the funding to fuel its expansion, including opening a U.S. office in 2017, and to further its research and development efforts. The company also announced the discovery of three new zero-day vulnerabilities that are currently unpublished, unpatched and are potentially being used in the wild.
"Zero-day exploits are one of the biggest problems in cybersecurity," said Alon Lifshitz, managing director, Blumberg Capital. "With all of the high-profile hacks over the last several years from Target to Sony, it's clear that we need better ways to prevent unknown malicious activity entering organizations' networks. These attacks are the super weapons of cyber criminals who use them to bypass all security solutions and breach an organization's network. Through its platform, Cybellum is able to completely stop new attacks that have never been seen before - something that in the past has been considered almost impossible. The team has created a unique platform designed to defend against these attacks, and protects enterprises on their internal networks and the cloud, thereby providing a complete end-to-end solution. We are thrilled to partner with the team as they enter the North American market."
Cybellum discovered three new zero-day exploits as a result of the company's research on 'in the wild attacks' by using fake executive's accounts as honeypots to attract attackers by visiting both safe sites and sites that are known to be malicious, such as warez and pirating websites. Some attacks are known to infect internet surfers who visit the malicious websites, while some vulnerabilities have yet to be exploited. Once the exploits were identified, Cybellum notified the software vendors, demonstrated a proof of concept of the attack and then consulted with the vendors' security teams to patch the vulnerability and quickly fix the issue. A detailed technical report will be published soon after the vendors release patches to the vulnerabilities.
One such vulnerability that Cybellum found affects almost every anti-virus software on the Microsoft Windows operating system. The Cybellum team found a way to fully take control of the anti-virus applications which could give potential attackers great abilities and advantages; such as allowing malicious files or operations onto a computer or even shutting down the anti-virus software completely. Cybellum has notified the largest anti-virus vendors of the vulnerability who are now working with their security teams in order to close the hole and release a patch.
All systems are vulnerable to zero-day attacks. New vulnerabilities are being found at an increasingly fast rate, and the time it takes to test and roll out patches cannot keep up. This creates a window of opportunity for hackers to exploit even the most up-to-date systems and most businesses and consumers are not aware nor are they properly equipped to deal with them.
Founded in 2015 by Slava Bronfman and Michael Engstler, both veterans of the intelligence corps of the Israel Defence Forces (IDF), Cybellum's mission is to create a real and direct solution to cyber problems, specifically zero-day attacks, eliminating the cat and mouse game between the adversary and the organization. Cybellum's First-Step Threat Protection is the only solution that detects and stops zero-day exploits at the very first step, which is the initial vulnerability stage. Unlike behavioral, machine learning and signature-based solutions that generate a number or percentage of the likelihood of infection, Cybellum's core technology generates decisive solutions which eliminates the chances of false positives and prevents the attack from spreading to an organization.
"The discovery of any zero-day vulnerability has a huge impact on the cybersecurity industry as it closes holes in software linked to countless organizations", said Slava Bronfman, co-founder and CEO, Cybellum. "Through our proprietary platform, we recently discovered three new zero-day threats that leave consumers and businesses using the latest versions of the hacked software susceptible to being infected until a patch is created and installed by all users. We recognized a need in the market to identify these dangerous vulnerabilities as there is no existing solution finding and preventing the attacks at the root cause. We built our core technology specifically to identify this type of attack at the first step, removing risk, eliminating false positives and the need for patches. We expect to find many more zero-days as we expand."
Cybellum is the the first deterministic zero-day prevention platform that eliminates known and unknown threats with First-Step Threat Protection™. Cybellum delivers an agentless, cloud-based and on premise end-to-end solution that gives fully automatic forensics and visibility into each incident without the need for cyber experts to operate it. Cybellum was founded in 2015 by former members of the Israel Defense Force Intelligence Corps with extensive backgrounds in cybersecurity and is headquartered in Tel Aviv, Israel. For more information visit cybellum.com