Security News

Start-Up Nation Central, the independent not-for-profit organization connecting global corporations, investors, and governments to the Israeli tech innovation ecosystem, revealed that Israel's FinTech sector experienced a record-breaking first half of 2021 in terms of VC investments. According to a data gathered from Start-Up Nation Central Finder, Israeli companies raised $2.3B in the first half representing a staggering 260% increase over H1 2020 funding, and even surpassing the 2020 full-year total of $1.8B by 28%. Investments in FinTech made up 19% of the total funding in Israeli innovation technology companies during H1, which amounted to $12.2B. When it comes to international comparisons, data from PitchBook showed that Israel's 28% increase in FinTech funding over the 2020 total surpassed the 20% increase in US company funding and the negative growth exhibited by the Asian ecosystem but fell short of Europe's impressive 63% growth during the same period.

Human rights and press freedom activists are up in arms about a new report on NSO Group, the notorious Israeli hacker-for-hire company. The report, by a global media consortium, expands public knowledge of the target list used in NSO's military-grade spyware.

The spyware vendor was also formally identified as the commercial surveillance company that Google's Threat Analysis Group revealed as exploiting multiple zero-day vulnerabilities in Chrome browser to target victims located in Armenia, according to a report published by the University of Toronto's Citizen Lab. "Candiru's apparent widespread presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse," Citizen Lab researchers said.

An Israeli firm accused of supplying spyware to governments has been linked to a list of 50,000 smartphone numbers, including those of activists, journalists, business executives and politicians around the world, according to reports Sunday. The Post said 15,000 of the numbers on the list were in Mexico and included those of politicians, union representatives, journalists and government critics.

A set of unique spyware strains created by an Israeli firm and allegedly used by governments around the world to surveil dissidents has been defanged by Microsoft, the software giant said. The spyware exploits two elevation-of-privilege security vulnerabilities in Windows, CVE-2021-31979 and CVE-2021-33771, both of which were addressed in Microsoft's July Patch Tuesday update this week.

A secretive Israeli commercial surveillance company named after a parasitic freshwater fish is being blamed for supplying Windows and Chrome zero-day exploits to nation-state APT actors. The two reports come less than 24 hours after Google's Threat Analysis Group documented four separate zero-day exploits in Chrome, Internet Explorer, and Webkit that were created and sold by Candiru to government-backed attackers.

Microsoft and Citizen Lab have linked Israeli spyware company Candiru to new Windows spyware dubbed DevilsTongue deployed using now patched Windows zero-day vulnerabilities. The investigation into Candiru's attacks started after Citizen Labs shared malware samples found on a victim's systems and led to the discovery of CVE-2021-31979 and CVE-2021-33771, two zero-day vulnerabilities fixed by Microsoft during this month's Patch Tuesday.

Over the past year, an Iran-linked threat actor named Agrius has been observed launching destructive attacks on Israeli targets, under the disguise of ransomware attacks, according to endpoint security company SentinelOne. Likely state-sponsored, the threat group initially engaged in cyberespionage attacks, but then attempted to extort victims, claiming to have exfiltrated and encrypted data.

Researchers on Tuesday disclosed a new espionage campaign that resorts to destructive data-wiping attacks targeting Israeli entities at least since December 2020 that camouflage the malicious activity as ransomware extortions. "An analysis of what at first sight appeared to be a ransomware attack revealed new variants of wipers that were deployed in a set of destructive attacks against Israeli targets," the researchers said.

A new attack group called Agrius is launching damaging wiper attacks against Israeli targets, which researchers said are hiding behind ransomware to make their state-sponsored activities appear financially motivated. Researchers added that the wiper attacks were conducted using a secondary malware called "Deadwood", which Sentinel Labs said has "Unconfirmed links to an Iranian threat group."