Seculert
{{Short description|Israeli cloud-based cyber security technology}}
{{Infobox company
| logo = Seculert_logo_2015.png
| logo_size =
| logo_alt =
| logo_caption =
| name = Seculert
| type = Private company
| foundation = 2010
| location = Petah Tikva, Israel
| key_people = Dudi Matot – Co-founder and CEO<br />Aviv Raff – Co-founder and CTO<br />Alex Milstein – Co-founder and COO
| owner = Radware
| parent =
| industry = IT Security
| homepage = [http://www.seculert.com/ http://www.seculert.com]
}}
Seculert was a cloud-based cyber security technology company based in Petah Tikva, Israel. The company's technology was designed to detect breaches and advanced persistent threats (APTs) that attack networks. Seculert's business was based on malware research and the ability to uncover malware that had gone undetected by traditional measures.{{cite web|title=Seculert |url=http://www.seculert.com|access-date=22 January 2013}}
In 2012, the company was named one of the hottest new security start-ups by The New York Times{{cite news|first=Nicole|last=Perlroth|work=The New York Times|title= Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt |url= https://www.nytimes.com/2013/01/01/technology/antivirus-makers-work-on-software-to-catch-malware-more-effectively.html?ref=nicoleperlroth&_r=2&|date=2012-12-31|access-date=2013-01-22}} and a finalist in the SC Magazine awards for Rookie Security Company of the Year.{{cite news|publisher=SC Magazine|title= 2013 SC Magazine US Awards Finalists |url= http://www.scmagazine.com/2013-sc-magazine-us-awards-finalists/article/270471/ |date=2012-11-29|access-date=2013-01-22}}
==History==
Seculert was founded in 2010 by former RSA FraudAction Research Lab Manager Aviv Raff, former SanDisk Product Marketing Manager Dudi Matot and former Finjan Software VP of Operations Alex Milstein.
In 2011, the company launched its first offering, Seculert Echo.{{cite news|first=Robin |last=Wauters|publisher=TechCrunch|title= Seculert Secures Funding For Cloud-Based Threat Detection Software |url= https://techcrunch.com/2010/10/06/seculert-secures-funding-for-cloud-based-threat-detection-software/ |date=2010-10-06|access-date=2013-01-22}} Seculert Sense, a traffic log analysis product, was released in October 2012.
At the RSA Conference in February 2013, Seculert unveiled the beta version of Seculert Swamp, a malware analysis sandbox.
In July 2012, the company announced $5.35M in venture funding from YL Ventures and Norwest Venture Partners.{{cite news|first=Alex |last=Williams |publisher=TechCrunch|title= Seculert Gets $5.35 Million Investment For Cloud-Based Botnet Detection Service |url= https://techcrunch.com/2012/07/10/seculert-gets-5-35-million-investment-for-cloud-based-botnet-detection-service/ |date=2012-07-10|access-date=2013-01-22}} In July 2013, Seculert announced that it had raised an additional $10 million in Series B funding from [http://www.sequoiacap.com/israel/ Sequoia Capital] {{Webarchive|url=https://web.archive.org/web/20130817041622/http://www.sequoiacap.com/israel/ |date=2013-08-17 }}.{{cite news| url=https://www.reuters.com/article/seculert-financing-idUSL2N0F91Y220130708 | work=Reuters | title=Israeli cyber security firm Seculert raises $10 mln in funding | date=2013-07-08}}
On January 31, 2017, Seculert was acquired by Radware, a company based in Mahwah, New Jersey.{{cite news|publisher=Radware|title= Radware Acquires Seculert to Enhance Data Center Security |url= http://www.radware.com/newsevents/pressreleases/2017/seculert/ |date=2017-01-31|access-date=2018-01-17}}
==Notable alerts==
In January 2012, Seculert discovered that Ramnit started targeting Facebook accounts with considerable success, stealing over 45,000 Facebook login credentials worldwide, mostly from people in the UK and France.{{cite news|first=Catharine |last=Smith |publisher=Huffington Post|title= Facebook Ramnit Worm Swipes 45,000 Usernames, Passwords |url= http://www.huffingtonpost.com/2012/01/05/facebook-ramnit-worm_n_1186796.html |date=2012-01-05 |access-date=2013-01-22}}{{cite news|first=Greg |last=Masters |publisher=SC Magazine|title= New Ramnit variant steals Facebook logins |url= http://www.scmagazine.com/new-ramnit-variant-steals-facebook-logins/article/221980/ |date=2012-01-05 |access-date=2013-01-22}}{{cite news|first=John |last=Leyden |publisher=The Register|title= Dammit Ramnit! Worm slurps 45,000 Facebook passwords |url= https://www.theregister.co.uk/2012/01/05/ramnit_social_networking/ |date=2012-01-05 |access-date=2013-01-22}}
In March 2012, Seculert reported that the Kelihos botnet, which was distributed as a Facebook worm, was still active and spreading.{{cite news|first= John |last= Leyden |publisher=The Register|title= Kelihos zombies erupt from mass graves after botnet massacre |url= https://www.theregister.co.uk/2012/03/29/kelhios_bot_not_dead_yet/ |date=2012-03-29 |access-date=2013-01-22}}{{cite news|first= Marcos |last= Colon |publisher=SC Magazine|title= Kelihos lives on thanks to Facebook trojan |url= http://www.scmagazine.com/kelihos-lives-on-thanks-to-facebook-trojan/article/234276/ |date=2012-03-29 |access-date=2013-01-22}}{{cite news |first= Lucian |last= Constantin |publisher= TechWorld |title= Kelihos gang building a new botnet, researchers say |url= http://news.techworld.com/security/3348269/kelihos-gang-building-a-new-botnet-researchers-say/ |date= 2012-03-30 |access-date= 2013-01-22 |archive-date= 2012-05-14 |archive-url= https://web.archive.org/web/20120514102320/http://news.techworld.com/security/3348269/kelihos-gang-building-a-new-botnet-researchers-say/ |url-status= dead }}
In July 2012, Seculert, in conjunction with Kaspersky Lab, uncovered an ongoing cyber espionage campaign targeting Iran and other Middle Eastern countries, dubbed Mahdi.{{cite news|publisher=Seculert|title=Mahdi - The Cyberwar Savior?|url=http://blog.seculert.com/2012/07/mahdi-cyberwar-savior.html|date=2012-07-17|access-date=2013-01-22|archive-date=2012-07-19|archive-url=https://web.archive.org/web/20120719222119/http://blog.seculert.com/2012/07/mahdi-cyberwar-savior.html|url-status=dead}}{{cite news|first=Jim |last=Finkle |publisher=Reuters|title= Another cyber espionage campaign found targeting Iran |url= https://www.reuters.com/article/net-us-cybersecurity-middleeast-idUSBRE86G0M320120717 |date=2012-07-17 |access-date=2013-01-22}}{{cite news|first=Kim |last=Zetter |author-link=Kim Zetter |publisher=Wired|title= Mahdi, the Messiah, Found Infecting Systems in Iran, Israel |url=https://www.wired.com/threatlevel/2012/07/mahdi/ |date=2012-07-17 |access-date=2013-01-22}}{{cite news|first=Ben |last=Brumfield |publisher=CNN|title= Cyberspy program targets victims in Iran, Israel, companies say |url=http://security.blogs.cnn.com/2012/07/19/cyberspy-program-targets-victims-in-iran-israel-companies-say/ |archive-url=https://web.archive.org/web/20120721045115/http://security.blogs.cnn.com/2012/07/19/cyberspy-program-targets-victims-in-iran-israel-companies-say/ |url-status=dead |archive-date=July 21, 2012 |date=2012-07-19 |access-date=2013-01-22}}
In August 2012, Seculert, Kaspersky Lab and Symantec revealed the discovery of Shamoon,{{cite news|publisher=Seculert|title=Shamoon, a two-stage targeted attack|url=http://blog.seculert.com/2012/08/shamoon-two-stage-targeted-attack.html|date=2012-08-16|access-date=2013-01-22|archive-date=2012-08-19|archive-url=https://web.archive.org/web/20120819152237/http://blog.seculert.com/2012/08/shamoon-two-stage-targeted-attack.html|url-status=dead}} sophisticated malware that attacked Qatar's natural gas firm RasGas and the Saudi Arabian Oil Company (Aramco).{{cite news|first=Ben |last=Weitzenkorn |publisher=NBC News|title= Shamoon Worm Linked to Saudi Oil Company Attack |url=http://www.nbcnews.com/id/48766448 |archive-url=https://web.archive.org/web/20160306084047/http://www.nbcnews.com/id/48766448 |url-status=dead |archive-date=March 6, 2016 |date=2012-08-23 |access-date=2013-01-22}}{{cite news|first=Kim |last=Zetter |author-link= Kim Zetter |publisher=Wired|title= Qatari Gas Company Hit With Virus in Wave of Attacks on Energy Companies |url=https://www.wired.com/threatlevel/2012/08/hack-attack-strikes-rasgas/ |date=2012-08-30 |access-date=2013-01-22}}{{cite news|first=Adam |last=Schreck |publisher=Associated Press|title= Virus origin in Gulf computer attacks questioned |url=http://www.nbcnews.com/technology/technolog/virus-origin-gulf-computer-attacks-questioned-978717 |date=2012-09-05 |access-date=2013-01-22}}
In December 2012, Seculert uncovered Dexter, new malware that steals payment card data from point-of-sale terminals used by stores, hotels, and other businesses. Most of the victim businesses were English-speaking, with 42 percent based in North America and 19 percent in the U.K. Dexter infected systems running a variety of Windows versions, including XP, Home Server, Server 2003, and Windows 7.{{cite news|first=Dan |last=Goodin |publisher=Ars Technica |title="Dexter" malware steals credit card data from point-of-sale terminals |url=https://arstechnica.com/security/2012/12/dexter-malware-steals-credit-card-data-from-point-of-sale-terminals/ |date=2012-12-11 |access-date=2013-01-22}}{{cite news |first=Kelly |last=Higgins |publisher=Dark Reading |title='Dexter' Directly Attacks Point-of-Sale Systems |url=http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240144190/dexter-directly-attacks-point-of-systems.html |date=2012-12-11 |access-date=2013-01-22 |archive-date=2013-01-14 |archive-url=https://web.archive.org/web/20130114080033/http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240144190/dexter-directly-attacks-point-of-systems.html |url-status=dead }}{{cite news|first=Neil |last=McAllister |publisher=The Register |title= Dexter malware targets point of sale systems worldwide |url=https://www.theregister.co.uk/2012/12/14/dexter_malware_targets_pos_systems/ |date=2012-12-14 |access-date=2013-01-22}}{{cite news|first=Taylor |last=Armerding |publisher=CSO Magazine |title= Dexter malware's source still unknown, connection to Zeus disputed |url=http://www.csoonline.com/article/724328/dexter-malware-s-source-still-unknown-connection-to-zeus-disputed |date=2012-12-19 |access-date=2013-01-22}}
In January 2013, Kaspersky Labs (KL) revealed a cyber espionage operation dubbed Red October. The next day, Seculert identified a special folder used by the attackers for an additional attack vector.{{cite news |publisher=Seculert |title="Operation Red October" - The Java Angle |url=http://blog.seculert.com/2013/01/operation-red-october-java-angle.html |date=2013-01-15 |access-date=2013-01-22 |archive-date=2013-01-17 |archive-url=https://web.archive.org/web/20130117084847/http://blog.seculert.com/2013/01/operation-red-october-java-angle.html |url-status=dead }} In this vector, the attackers sent an email with an embedded link to a specially crafted PHP web page. This webpage exploited a vulnerability in Java, and in the background downloaded and executed the malware automatically.{{cite news|first=Dan |last=Goodin |publisher=Ars Technica |title=Red October relied on Java exploit to infect PCs |url=https://arstechnica.com/security/2013/01/massive-espionage-malware-relied-on-java-exploit-to-infect-pcs/ |date=2013-01-15 |access-date=2013-01-22}}{{cite news|first=Neil |last=McAllister |publisher=The Register |title=Surprised? Old Java exploit helped spread Red October spyware |url=https://www.theregister.co.uk/2013/01/16/red_october_java_connection/ |date=2013-01-16 |access-date=2013-01-22}}
In January 2014, the Seculert Research Lab identified a new targeted attack that used Xtreme RAT. The attack used spear phishing emails to target Israeli organizations and deploy the malware. At the time of the report, 15 machines had been compromised, including ones belonging to the Israeli Civil Administration.{{cite news| url=https://www.reuters.com/article/israel-cybersecurity-idUSL5N0L00JR20140126?irpc=932&irpc=932 | work=Reuters | title=Israeli defence computer hacked via tainted email -cyber firm | date=2014-01-26}}{{cite news |last1=לוי |first1=רויטרס ואליאור |title="האקרים השתלטו על מחשבים ביטחוניים" |trans-title=Hackers took over security computers |url=http://www.ynet.co.il/articles/0,7340,L-4481380,00.html |website=Ynet |language=he |date=26 January 2014}}{{cite news |title=Hackers break into Israeli defence computers, says security company |url=https://www.theguardian.com/world/2014/jan/27/hackers-israeli-defence-ministry-computers |access-date=14 October 2021 |work=The Guardian |archive-url=https://web.archive.org/web/20140306202533/http://www.theguardian.com/world/2014/jan/27/hackers-israeli-defence-ministry-computers |archive-date=6 March 2014}}{{cite news| url=https://www.bbc.co.uk/news/technology-25575790 | work=BBC News | title=Israel defence computers hit by hack attack | date=2014-01-27}}{{cite news |title=Israeli Defense Computer Hit in Cyber Attack: Data Expert {{!}} SecurityWeek.Com |url=http://www.securityweek.com/israeli-defense-computer-hit-cyber-attack-data-expert |access-date=14 October 2021 |work=www.securityweek.com}}{{cite news| url=https://www.bloomberg.com/news/2014-01-27/israel-to-ease-cyber-security-export-curbs-premier-says.html | work=Bloomberg | title=Israel to Ease Cyber-Security Export Curbs, Premier Says}}{{cite news| url=http://www.huffingtonpost.com/micah-d-halpern/cyber-breakin-idf_b_4696472.html | work=Huffington Post | first=Micah D. | last=Halpern | title=Cyber Break-in @ IDF}}
In April 2014, the Dyre Wolf malware campaign made [https://arstechnica.com/security/2015/04/03/dyre-wolf-malware-steals-more-than-1-million-bypasses-2fa-protection/ headlines] as a banking trojan that bypassed two-factor authentication in order to steal over $1 million from corporate bank accounts.{{Cite web|last=Vaughan-Nichols|first=Steven J.|title=Dyre Wolf malware huffs and puffs at your corporate bank account door|url=https://www.zdnet.com/article/dyre-wolf-attacks-your-corporate-bank-account-door/|access-date=2021-02-23|website=ZDNet|language=en}}
==Awards==
===Automated breach detection product===
Several detection and protection technologies are combined in a cloud-based solution that works to identify new cyber threats.
Automated Traffic Log Analysis is a cloud-based analysis engine that leverages HTTP/S gateway traffic logs collected over time, analyzing petabytes of data to identify malware activity. It automatically identifies unknown malware by detecting malicious patterns and anomalies. Seculert Traffic Log Analysis pinpoints evidence of targeted attacks.{{cite news|first=Kelly|last=Higgins|publisher=Dark Reading|title=Hunting Botnets In The Cloud|url=http://www.darkreading.com/threat-intelligence/167901121/security/attacks-breaches/240062588/hunting-botnets-in-the-cloud.html|date=2012-11-07|access-date=2013-01-22|archive-date=2013-01-14|archive-url=https://web.archive.org/web/20130114083547/http://www.darkreading.com/threat-intelligence/167901121/security/attacks-breaches/240062588/hunting-botnets-in-the-cloud.html|url-status=dead}}{{cite news|first=Andrew |last=Nusca |author-link= Andrew Nusca |publisher=ZDNet|title= Training big data's eye on cybersecurity threats |url= https://www.zdnet.com/article/training-big-datas-eye-on-cybersecurity-threats/ |date=2012-12-05 |access-date=2013-01-22}}
Elastic Sandbox is an elastic, cloud-based automated malware analysis environment. The Seculert Elastic Sandbox includes automatic analysis and classification of suspicious files over time. It analyzes potentially malicious files on different platforms and can simulate different geographic regions. The Seculert Elastic Sandbox generates malware behavioral profiles by processing more than 40,000 malware samples a day and by leveraging data from its crowdsourced threat repository.{{cite news |title=Seculert Adds 'Elastic Sandbox' to Simulate Malware Over Time, Geographic Locations {{!}} SecurityWeek.Com |url=http://www.securityweek.com/seculert-adds-elastic-sandbox-simulate-malware-over-time-geographic-locations |access-date=14 October 2021 |work=www.securityweek.com}}
==References==
{{reflist|30em}}