As threats proliferate, so do new tools for protecting medical devices and hospitals

Six months after an episode of “Homeland” showed hackers exploiting security vulnerabilities in the (fictional) Vice President’s pacemaker, Mike Kijewski, the founder of a new startup security company called Medcrypt, was approached by his (then) employers at Varian Medical Systems with a unique problem. 

“A hospital came to the company and said we are treating a patient and a nation-state may attempt to assassinate the patient that we’re treating by using a cybersecurity vulnerability in a medical device to do it,” Kijewski recalled.

At the time, there were no universal solutions to those types of security threats — so companies were left to cobble together one-off solutions for their devices, which is what Kijewski’s former employer likely attempted to do.

Ever since, Kijewski has been obsessed with the security holes that exist in the foundation of the healthcare industry’s practice — the devices used to diagnose and treat patients.

“My partner Eric Pancoast and I looked into the problem of medical device cybersecurity and we found two things,” says Kijewski. “Number one, there were no regulations forcing medical device companies to use cybersecurity protections at all. Number two, any given company has only one core competency — maybe two. And are medical device vendors going to have cryptography and cybersecurity competencies?”

Medcrypt was launched in 2016 to ensure that medical device manufacturers wouldn’t need to be cryptographic experts. The company is graduating from the latest batch of Y Combinator (after raising a $3 million seed round from Eniac Ventures and other investors) with a pitch to secure medical devices using just a single line of code.

It’s a technological necessity thanks to new guidelines from the Food and Drug Administration requiring medical devices to include security features like encryption, signature verification, and intrusion detection.

By inserting a single line of code into the software of a device, Medcrypt can provide the security manufacturers need at the device level, according to Kijewski.

The company not only encrypts the data on the device, but it also provides intrusion detection services by analyzing medical device metadata to identify standard device behaviors and deviations from that behavior, Kijewski said.

Medcrypt is one of a growing number of startups that are securing medical devices and hospital networks as the threats to the healthcare system proliferate.

Other startups are working on protecting hospital networks. Medigate, founded by former officers of the Israeli Defense Forces, which just raised $15 million from investors including YL Ventures and US Venture Partners, and Cylera, which is backed by Samsung Next and launched from the DreamIT healthcare accelerator, are two such companies.

By 2017, Beckers Health IT and CIO Report counted over 107 technology companies pitching cybersecurity solutions to healthcare practitioners and medical device manufacturers.

It’s little wonder so many companies are pouring in to close the (data) breach in healthcare, given the scope of the problem.

A 2018 report from Experian cited by U.S. News indicated that 233 breaches were reported to the Department of Health and Human Services, media, or state attorneys general in the period from January to June 2017. And for the 193 attacks where the scope of the breach was calculated, roughly 3.2 million patient records were affected.

Experian predicts healthcare cybersecurity spending will be a $65 billion industry by 2021.

Still, some of the security problems that hospitals face can be solved with some fairly basic updates. Indeed, perhaps the most critical — and the one that left hospitals most exposed — is just ensuring that their technology can accept patches and security upgrades. Many of the attacks that crippled health networks came down to an inability to upgrade their Windows operating systems.

Sometimes, all it takes is tightening the screws to make sure the machines don’t fall apart.

“Connected medical devices — from patient monitors, MRIs and CAT scanners to infusion pumps and yet-to-be invented devices — are critical to the delivery of healthcare today and are revolutionizing the care of tomorrow,” said YL Ventures founder Yoav Leitersdorf in a statement announcing Medigate’s 2017 financing. “These devices are inherently different from traditional IT endpoints and can’t be protected by currently available products and practices. With the pandemic of cyberattacks targeting healthcare providers, far too many connected devices are left vulnerable and exposed, putting patient health and privacy at risk.”

With cybersecurity threats looming, the government shutdown is putting America at risk

Putting political divisions and affiliations aside, the government partially shutting down for the third time over the last year is extremely worrisome, particularly when considering its impact on the nation’s cybersecurity priorities. Unlike the government, our nation’s enemies don’t ‘shut down.’ When our nation’s cyber centers are not actively monitoring and protecting our most valuable assets and critical infrastructure, threats magnify and vulnerabilities become further exposed.

While Republicans and Democrats continue to butt heads over border security, the vital agencies tasked with properly safeguarding our nation from our adversaries are stuck in operational limbo. Without this protection in full force acting around the clock, serious external threats to government agencies and private businesses can thrive. This shutdown, now into its fourth week, has crippled key U.S. agencies, most notably the Department of Homeland Security, imperiling our nation’s cybersecurity defenses.

Consider the Cybersecurity and Infrastructure Security Agency, which has seen nearly 37 percent of its staff furloughed. This agency leads efforts to protect and defend critical infrastructure, as it pertains to industries as varied as energy, finance, food and agriculture, transportation, and defense.

As defined in the 2001 Patriot Act, critical infrastructure is such that, “the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.” In the interest of national security, we simply cannot tolerate prolonged vulnerability in these areas.

Employees who are considered “essential” are still on the job, but the loss of supporting staff could prove to be costly, in both the short and long term. More immediately, the shutdown places a greater burden on the employees deemed essential enough to stick around. These employees are tasked with both longer hours and expanded responsibilities, leading to a higher risk of critical oversight and mission failure, as weary agents find themselves increasingly stretched beyond their capabilities.

The long-term effects, however, are, quite frankly, far more alarming. There’s a serious possibility our brightest minds in cybersecurity will consider moving to the private sector following a shutdown of this magnitude. Even ignoring that the private sector pays better, furloughed staff are likely to reconsider just how valued they are in their current roles. After the 2013 shutdown, a significant segment of the intelligence community left their posts for the relative stability of corporate America. The current shutdown bears those risks as well. A loss of critical personnel could result in institutional failure far beyond the present shutdown, leading to cascading security deterioration.

This shutdown also has farther-reaching effects on the federal government’s ability to attract talent, whether recent college graduates or people interested in transitioning from the private sector. The stability of government work was once viewed as a guarantee compared to the private sector, but a shutdown like this could incentivize workers to take their talents to the private sector instead.

The IRS in particular is extremely vulnerable, putting America’s private sector and your average taxpayer directly in the crosshairs. The shutdown has come at the worst time of the year, as the holidays and the post-holiday season tend to have the highest rates for cybercrime. In 2018, the IRS reported a 60 percent increase in email scams. Meanwhile, as the IRS furloughed much of its staff as well, cyber criminals are likely to ramp up their activity even more.

Though the agency has stated it will recall a “significant portion” of its personnel to work without pay, it has also indicated there will be a lack of support for much beyond essential service. There’s no doubt cybercriminals will see this as a lucrative opportunity. With tax season on the horizon, the gap in oversight will feed directly into cyber criminals’ playing field, undoubtedly resulting in escalating financial losses due to tax identity theft and refund fraud.

Cyberwarfare is no longer some distant afterthought, practiced and discussed by a niche group of experts in a backroom. Cyberwarfare has taken center stage on the virtual battlefield. Geopolitical adversaries such as North Korea, Russia, Iran, and China rely on cyber as their most agile and dangerous weapon against the United States. These hostile nation-states salivate at the idea of a prolonged government shutdown.

From Russian interference in the 2016 presidential election to Chinese state cybercriminals breaching Marriott Hotels, the necessity to protect our national cybersecurity has never been more explicit.

If our government doesn’t resolve this dilemma quickly, America’s cybersecurity will undoubtedly suffer serious deterioration, inevitably endangering the lives and safety of citizens across the nation. This issue goes far beyond partisan politics, yet needs both parties to come to a consensus immediately. Time is not on our side.

To fight election meddling, Google’s cyber unit Jigsaw extends its anti-DDoS protections to European politicos

Jigsaw, the cybersecurity-focused division owned by Google parent Alphabet, is now allowing political organizations in Europe to sign up for its anti-web-flooding technology for free.

Until now, the free-to-use technology designed to protect political campaigns and websites against distributed denial-of-service (DDoS) attacks — dubbed Project Shield — was only available to news sites and journalists, human rights sites and elections monitoring sites in the U.S.

Now, Jigsaw is extending those protections to European political operators ahead of contentious parliamentary elections later this year.

The anti-DDoS technology aims to protect websites and services from being pummeled with tons of junk internet traffic from multiple sources at once. It protects against several types of DDoS attacks — not just the traditional layer 3 or 4 protocol-based attacks but also the more powerful layer 7 attacks that involve large volumes of traffic, often thanks to DNS amplification.

By caching a website, the technology absorbs a lot of the malicious traffic, and by filtering out harmful traffic it keeps sites running.

Jigsaw’s move comes at a time when highly anticipated elections are expected to adjust political powers across the continent — particularly in what’s left of the European Union, after the controversial British departure from the EU, known as “Brexit.” Anti-political actors and nation-state hackers have long worked hard in Europe to disrupt elections and sow discord in an effort to discredit results.

Some have outright launched flooding attacks to down websites at a time when they’re most needed.

In the last year alone, several flooding attacks left critical websites downed for hours and longer. Election sites from Tennessee to the Czech Republic were downed in an effort to disrupt the voting process.

Project Shield is offering the service for free to all European political organizations and campaigns, Jigsaw’s Dan Keyserling said in an email to TechCrunch. That’s in contrast to existing providers, like Cloudflare, that sell DDoS protection.

“The spread of DDoS attacks is a global issue,” said Keyserling. “Just scanning the news showed us it is a growing problem.”

VC funding of cybersecurity companies hits record $5.3B in 2018

2018 wasn’t all bad. It turned out to be a record year for venture capital firms investing in cybersecurity companies.

According to new data out by Strategic Cyber Ventures, a cybersecurity-focused investment firm with a portfolio of four cybersecurity companies, more than $5.3 billion was funneled into companies focused on protecting networks, systems and data across the world, despite fewer deals done during the year.

That’s up 20 percent from 2017’s $4.4 billion, and close to double the 2016 figure.

Part of the reason was several “mega” funding rounds, according to the company. Last year saw some of the big eight companies getting bigger, amassing a total of $1.3 billion in funding last year. That includes Tanium’s combined $375 million investment, Anchorfree’s $295 million and Crowdstrike’s $200 million.

According to the report, North America leads the rest of the world with $4 billion in VC funding, with Europe around neck-and-neck at $550 million each but growing year-over-year.

In fact, according to the data, California — where many of the big companies have their headquarters — accounts for nearly half of all VC funding in cybersecurity in 2018. By comparison, only about $300 million went to the “government” region — including Maryland, Virginia, and Washington DC, where many government-backed or focused companies are located.

“As DC residents, we have to think there is more the city could do to entice cybersecurity companies to establish their headquarters in the city,” the firm said. Virtru, an email encryption and data privacy firm, drove the only funding of cybersecurity investment in Washington DC last year, they added.

“We’ve seen this trend in the broader tech ecosystem as well, with many, large international funds and investment outside of the U.S.,” the firm said. “Simply put, amazing and valuable technology companies are being created outside of the U.S.”

Looking ahead, Tanium and Crowdstrike are highly anticipated to IPO this year — so long as the markets hold stable.

“It’s still unclear what the public equity markets have in store in 2019,” the firm said. “A few weeks in and we’re already experiencing a government shutdown, trade wars with China, and expected slow down in global economic growth.”

“However, only time will tell what 2019 has in store,” the firm concluded.

A popular WordPress plugin leaked access tokens capable of hijacking Twitter accounts

A popular WordPress plugin, installed on thousands of websites to help users share content on social media sites, left linked Twitter accounts exposed to compromise.

The plugin, Social Network Tabs, was storing so-called account access tokens in the source code of the WordPress website. Anyone who viewed the source code could see the linked Twitter handle and the access tokens. These access tokens keep you logged in to the website on your phone and your computer without having to re-type your password every time or entering your two-factor authentication code.

But if stolen, most sites can’t differentiate between a token used by the account owner, or a hacker who stole the token.
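The failure described here is a credential that belongs in server-side configuration ending up in HTML that the whole internet can read, where it is as good as the owner’s password. A site operator can catch that before a page ships by scanning the rendered HTML for credential-looking name/value pairs. The Python below is an added example, not code from the plugin, the researcher or TechCrunch: the HTML fragment, attribute names, token values and the entropy threshold are all constructed for illustration, and the `oauth_token`/`consumer_key` names are common OAuth 1.0a parameter names used as heuristics, not a description of the plugin’s actual markup.

```python
"""Scan rendered HTML for credential-looking name/value pairs.

Added example: a pre-publish check a site operator runs against their own
pages. The HTML fragment, attribute names, token values and threshold are
constructed; the parameter names are common OAuth 1.0a names used as
heuristics, not a description of any specific plugin's markup.
"""
import math
import re
from collections import Counter

# Longer alternatives first so "oauth_token_secret" is not cut to "oauth_token".
CREDENTIAL_NAMES = (
    r"oauth_token_secret|oauth_token|access_token_secret|access_token|"
    r"consumer_secret|consumer_key|api_key"
)
# A credential name, up to five non-word characters (=, ", :, spaces), then
# a token-like run of at least 20 URL-safe characters.
PATTERN = re.compile(
    rf"(?P<name>{CREDENTIAL_NAMES})\W{{0,5}}(?P<value>[A-Za-z0-9_\-]{{20,}})",
    re.IGNORECASE,
)

# Constructed page fragment: two real-looking tokens plus one placeholder.
SAMPLE_HTML = """
<div class="snt-tab" data-network="twitter"
     data-oauth_token="1234567890-Qx8pLz3vNtR7wYb2KdM9sFgH4jC6uEa0VoBnXi"
     data-oauth_token_secret="zT4rWq9yLpK2mNv7bXc1dFgH5jSa8uEo3iRtYl6wQkZnMb0xCv">
</div>
<script>
  var consumer_key = "REPLACE_WITH_YOUR_KEY_HERE";
  var page_token = "home";
</script>
"""


def shannon_entropy(value: str) -> float:
    """Bits per character; random tokens score well above readable text."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep only the ends so a report never re-leaks the full credential."""
    return value[:4] + "…" + value[-4:]


def find_embedded_credentials(html: str, min_entropy: float = 4.0) -> list:
    """Report credential names whose value looks like real key material.
    The entropy cut drops placeholders such as REPLACE_WITH_YOUR_KEY_HERE
    (about 3.6 bits/char) while random tokens land near or above 5."""
    findings = []
    for match in PATTERN.finditer(html):
        value = match.group("value")
        entropy = shannon_entropy(value)
        if entropy < min_entropy:
            continue
        findings.append({
            "name": match.group("name").lower(),
            "redacted": redact(value),
            "entropy": round(entropy, 2),
            "offset": match.start(),
        })
    return findings
```

Run `find_embedded_credentials` over the HTML your site actually serves (fetch it as an anonymous visitor, since that is what an attacker sees); on the constructed sample it reports the two `oauth_token` attributes and ignores the placeholder. The heuristics are deliberately simple, so treat every hit as something to look at, not as proof of a leak.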

Baptiste Robert, a French security researcher who goes by the online handle Elliot Alderson, found the vulnerability and shared details with TechCrunch.

In order to test the bug, Robert found 539 websites using the vulnerable code by searching PublicWWW, a website source code search engine. He then wrote a proof-of-concept script that scraped the publicly available code from the affected websites, collecting access tokens for more than 400 linked Twitter accounts.

Using the obtained access tokens, Robert tested their permissions by directing those accounts to ‘favorite’ a tweet of his choosing over a hundred times. This confirmed that the exposed account keys had “read/write” access — effectively giving him, or a malicious hacker, complete control over the Twitter accounts.

The vulnerable accounts included a couple of verified Twitter users and several accounts with tens of thousands of followers, a Florida sheriff’s office, a casino in Oklahoma, an outdoor music venue in Cincinnati, and more.

Robert told Twitter on December 1 of the vulnerability in the third-party plugin, prompting the social media giant to revoke the keys, rendering the accounts safe again. Twitter also emailed the affected users about the security lapse of the WordPress plugin, but did not comment on the record when reached.

Twitter did its part — what little it could do when the security issue is out of its hands. Any WordPress user still using the plugin should remove it immediately, change their Twitter password, and ensure that the app is removed from Twitter’s connected apps to invalidate the token.

Design Chemical, a Bangkok-based software house that developed the buggy plugin, did not return a request for comment when contacted prior to publication.

On its website, it says the seven-year-old plugin has been downloaded more than 53,000 times. The plugin, last updated in 2013, still gets dozens of downloads each day.

MITRE assigned the vulnerability CVE-2018-20555. It’s the second bug Robert has disclosed in as many days.

Some of the biggest web hosting sites were vulnerable to simple account takeover hacks

A security researcher has found, reported, and now disclosed a dozen bugs that made it easy to steal sensitive information or take over any customer’s account from some of the largest web hosting companies on the internet.

In some cases, clicking on a simple link would have been enough for Paulos Yibelo, a well-known and respected bug hunter, to take over the accounts of anyone using five large hosting providers — Bluehost, Dreamhost, Hostgator, OVH, and iPage.

“All five had at least one serious vulnerability allowing a user account hijack,” he told TechCrunch, which he shared his findings with before going public.

The results of his vulnerability testing likely wouldn’t fill customers with much confidence. According to Yibelo’s writeup, the bugs, now fixed, stem from aging infrastructure, complicated and sprawling web-based back-end systems, and companies each with a massive user base, all of which can easily go wrong.

In all, the bugs could have been used to target any number of the collective two million domains under Endurance-owned Bluehost, Hostgator and iPage, Dreamhost’s one million domains and OVH’s four million domains — totaling some seven million domains.

Most of Yibelo’s attacks were simple enough, but effective if combined with a spearphishing campaign aimed at high-profile users. With domain registration data available for most large clients in registrar WHOIS databases, most of the attacks would have relied on sending the domain owner a malicious link by email and hoping that they click.

In the case of Bluehost, Yibelo embedded malicious JavaScript on a page full of kittens or puppies, or anything he wants. As soon as a logged-in Bluehost user clicks on a link from an email or a tweet to that page, the hidden JavaScript runs on the page and injects the attacker’s own profile information into the victim’s account — assuming that the user is already logged in to Bluehost — by exploiting a cross-site request forgery (CSRF) flaw. That allows the attacker to modify data on the server from his malicious site, while the victim is none the wiser. By injecting their own information — including an email address — the attacker can request a new password sent to that attacker’s email address, and take over the account.

A demo of a simple hack, involving a one-click link that lets an attacker break in and takeover a user’s account. (Paulos Yibelo/YouTube)

Yibelo also found that the attack could work in the form of a cross-site scripting (XSS) attack. He demonstrated how a single click on a malicious link could instantly swap out a Dreamhost account owner’s email address for one that an attacker controls, allowing Yibelo — or an attacker — to have a password reset code sent to the attacker’s email, permitting an account takeover.

Hostgator, meanwhile, suffered from several vulnerabilities, including a similar CSRF flaw that bypassed the countermeasures meant to prevent a cross-site script from running, which allowed him to add, edit, or modify any data in the victim’s profile, such as an email address that could be used to reset the user’s password.

Yibelo also found several other less likely but still serious flaws, allowing man-in-the-middle attacks on a local network — such as a public Wi-Fi hotspot.

OVH, meanwhile, had a similar flaw that allowed Yibelo to bypass its CSRF protections, letting him add, change or edit user profile data. Another vulnerability in its API could have allowed an attacker to fetch and read responses from OVH.

And iPage had a similar one-click flaw, which could be easily exploited because the web host doesn’t require an old or current password when resetting the account’s login details. That made it possible for an attacker to craft a malicious web address which, when clicked, would reset the password to one of the attacker’s choosing — allowing them to log in as that user.
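The Bluehost, Dreamhost, Hostgator, OVH and iPage findings share one root cause: a state-changing request was accepted on the strength of the session cookie alone, and in iPage’s case a password change did not ask for the current password either. The Python below is an added example, not code from any of the providers or from Yibelo’s writeup. It puts the vulnerable pattern next to a hardened handler that checks the browser-reported Origin (or Referer) against the site’s own origin, requires a per-session CSRF token, and demands the current password before a password change. The request shape, account store, control-panel origin and function names are all constructed for illustration.

```python
"""A CSRF-vulnerable profile update next to a hardened one.

Added example for this article: the request shape, stores, origin and
handler names are constructed and are not any hosting provider's code.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

CSRF_KEY = secrets.token_bytes(32)               # hypothetical per-deployment secret
SITE_ORIGIN = "https://panel.example-host.test"  # constructed control-panel origin


@dataclass
class Request:
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


@dataclass
class Account:
    email: str
    password_hash: str


def hash_password(password: str) -> str:
    # Illustrative only; a real service would use a slow, salted KDF.
    return hashlib.sha256(password.encode()).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session and embedded only in our own forms; a page
    on another site cannot read it, so it cannot include it in a forged POST."""
    return hmac.new(CSRF_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _session_user(sessions: dict, req: Request):
    return sessions.get(req.cookies.get("session"))


def _request_origin(req: Request):
    """scheme://host the browser reports the request came from, or None."""
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if not source:
        return None
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}"


def _is_same_site_submission(req: Request) -> bool:
    """Both checks must pass: the reported origin is exactly ours (so a
    lookalike host fails) and the form carries this session's CSRF token."""
    if _request_origin(req) != SITE_ORIGIN:
        return False
    expected = issue_csrf_token(req.cookies.get("session", ""))
    return hmac.compare_digest(req.form.get("csrf_token", ""), expected)


def vulnerable_update_email(accounts: dict, sessions: dict, req: Request) -> int:
    """Trusts the session cookie alone. A form on an unrelated page can POST
    here and the victim's browser attaches the cookie by itself."""
    user = _session_user(sessions, req)
    if user is None:
        return 401
    accounts[user].email = req.form["email"]
    return 200


def hardened_update_email(accounts: dict, sessions: dict, req: Request) -> int:
    """Same action; a cross-site or token-less submission gets 403."""
    user = _session_user(sessions, req)
    if user is None:
        return 401
    if not _is_same_site_submission(req):
        return 403
    accounts[user].email = req.form["email"]
    return 200


def hardened_change_password(accounts: dict, sessions: dict, req: Request) -> int:
    """Password changes also demand the current password, so a forged
    request cannot pick a new one even if the other checks were bypassed."""
    user = _session_user(sessions, req)
    if user is None:
        return 401
    if not _is_same_site_submission(req):
        return 403
    supplied = hash_password(req.form.get("current_password", ""))
    if not hmac.compare_digest(supplied, accounts[user].password_hash):
        return 403
    accounts[user].password_hash = hash_password(req.form["new_password"])
    return 200
```

To see the difference, build a `Request` carrying a valid session cookie but an `Origin` of some other site and no `csrf_token`: `vulnerable_update_email` returns 200 and overwrites the email, while `hardened_update_email` returns 403 and leaves the account untouched. The origin comparison is an exact match on scheme and host rather than a prefix test, which is what defeats a lookalike domain such as `panel.example-host.test.attacker.test`.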

Most of the web hosting companies also fixed other information and data leaking flaws, also discovered by Yibelo.

All of the companies, besides OVH — which didn’t respond to a request for comment sent prior to publication — confirmed that the bugs were fixed.

Kristen Andrews, a spokesperson for Endurance, a web hosting company that owns Bluehost, Hostgator and iPage, said that the company has “taken steps to address and patch the potential vulnerabilities in question,” but, when asked, did not say if the bugs had been exploited or if customer accounts or data had been compromised.

Dreamhost, meanwhile, said it fixed the bugs “less than 48 hours later,” according to spokesperson Brett Dunst, and found no evidence to suggest anyone exploited the bug outside Yibelo’s testing.

“After a thorough review of our system access logs we can confirm that no customer accounts were affected and no customer data was compromised,” he said. “The exploit would have required a logged-in DreamHost user to click a specially-formatted malicious link to alter their own account’s contact information.”

It’s remarkable to think that, of all the ways to break into a website, the way in — as Yibelo showed — often isn’t through any convoluted attack or busting firewalls. It’s simply through the front door of the site’s host, requiring little effort for the average hacker.

Another server security lapse at NASA exposed staff and project data

Two months ago, NASA quietly fixed a buggy internal server that was leaking sensitive information about the agency’s staff and their work.

The leaking server was — ironically — a bug reporting server, running the popular Jira bug triaging and tracking software. In NASA’s case, the software wasn’t properly configured, allowing anyone to access the server without a password, Avinash Jain, an India-based security researcher who found the exposed server, told TechCrunch.

According to Jain’s writeup, some Jira instances can be misconfigured to allow “everyone” access without a password — including anyone on the internet — and not “everyone” within an organization, as some believe.

This was the case for NASA’s leaking server.
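The distinction Jain draws, “everyone” meaning anyone on the internet rather than everyone in the organization, is exactly the kind of thing a configuration audit should check instead of relying on someone reading a sharing dialog correctly. The Python below is an added example, not code from Jain’s writeup or from Atlassian. It classifies the exposure level of saved filters from a constructed JSON sample whose field names (`sharePermissions`, and `type` values such as `global`, `loggedin` and `project`) are modeled on the shape of Jira’s filter REST output and are assumptions for this illustration.

```python
"""Classify the sharing level of Jira saved filters.

Added example, not from Jain's writeup or Atlassian. The JSON is a
constructed sample whose field names and share types are modeled on the
shape of Jira's filter REST output and are assumptions for illustration.
"""
import json
from collections import Counter

PUBLIC_TYPES = {"global"}                        # "Everyone": anyone on the internet
ORG_WIDE_TYPES = {"loggedin", "authenticated"}   # any logged-in user of the instance

# Constructed sample: four saved filters with different share settings.
SAMPLE_FILTERS_JSON = """[
  {"id": "10001", "name": "Open launch blockers",
   "jql": "project = ORBIT AND status != Done",
   "sharePermissions": [{"type": "global"}]},
  {"id": "10002", "name": "My assigned work",
   "jql": "assignee = currentUser()",
   "sharePermissions": []},
  {"id": "10003", "name": "Team ORBIT backlog",
   "jql": "project = ORBIT",
   "sharePermissions": [{"type": "project", "project": {"key": "ORBIT"}}]},
  {"id": "10004", "name": "All staff milestones",
   "jql": "duedate <= endOfMonth()",
   "sharePermissions": [{"type": "loggedin"}]}
]"""


def classify(share_permissions: list) -> str:
    """Most permissive grant wins: one 'global' entry makes a filter public
    no matter how narrowly the other entries are scoped."""
    types = {p.get("type") for p in share_permissions}
    if types & PUBLIC_TYPES:
        return "public"
    if types & ORG_WIDE_TYPES:
        return "org-wide"
    if types:
        return "scoped"
    return "private"


def audit_filters(filters_json: str) -> list:
    """Return the filters readable without logging in, with the query each
    one exposes; these are what a 'share with everyone' click produces."""
    findings = []
    for f in json.loads(filters_json):
        if classify(f.get("sharePermissions", [])) == "public":
            findings.append({"id": f["id"], "name": f["name"], "jql": f.get("jql", "")})
    return findings


def exposure_summary(filters_json: str) -> dict:
    """Count filters per exposure level for a quick read of an instance."""
    counts = Counter(classify(f.get("sharePermissions", []))
                     for f in json.loads(filters_json))
    return dict(counts)
```

Fed the filter list an administrator can export from their own instance, `audit_filters` names each publicly readable filter and `exposure_summary` gives the overall picture; the same classification applies to dashboards, which carry the same kind of share list. Anything reported as public should be re-scoped or confirmed as intentionally public, since a filter’s results reveal the issue titles, assignees and dates the article describes as exposed.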

Jain found the leaking server in October exposing NASA staff usernames and email addresses and the projects they were working on. Because Jira contains information about bugs and issues within an organization, including works in progress, the server also gave up what agency staff are working on and their upcoming milestones.

It’s not known if any classified information was on the Jira server, such as names or details of sensitive projects. Jain also said it’s not clear how many NASA staff users were in the database, as Jira limits searches to 1,000 queries at a time.

After he contacted NASA and CERT/CC, the vulnerability disclosure center at Carnegie Mellon University, the exposed server was fixed some three weeks later, he said.

NASA never responded to his private disclosure.

Although NASA has a page on HackerOne, a vulnerability reporting program, allowing researchers to email NASA about security issues, the agency doesn’t have a dedicated bug bounty program.

“I dropped [NASA] around five emails before it was fixed, and I was never informed that it was fixed,” he told TechCrunch.

CERT/CC later expressed its “appreciation” for Jain privately reporting the bug.

This latest server lapse is yet another bruise for the U.S. space agency’s security posture — the fourth known incident this decade, after over a dozen hacks in 2011 alone and another sensitive data breach in 2016.

The latest breach was just before Christmas, in which the agency reported a data compromise affecting current and former NASA employees between July 2006 and October 2018. But CERT/CC told Jain in an email that there was “no evidence” his finding was related to NASA’s latest breach disclosure.

NASA was unable to comment during the government shutdown, according to an automated message on the agency’s press line.

A look back at the Israeli cyber security industry in

By Yoav Leitersdorf and Ofer Schreiber, partners at YL Ventures.

2018 saw a spate of major cyber attacks including the hacks of British Airways, Facebook and Marriott. Despite growing emphasis on and awareness of cyber threats, large organizations continue experiencing massive data breaches. And as the world becomes increasingly connected (cars and medical devices, among others), attack vectors are evolving and exposures multiply.

The Israeli cybersecurity industry has long been recognized as a hotbed for innovative solutions, and 2018 proved to be yet another strong year. Early stage companies raised more money than ever before to tackle emerging security threats like protecting the proliferating number of internet-connected devices and enabling blockchain technologies to thrive in more secure environments.

Growing seed rounds chasing greenfield opportunities

In 2018, the total amount of funding for Israeli cybersecurity companies across all stages grew 22 percent year-over-year to $1.03B. This closely matched the funding trends of 2016 and 2017 that each saw 23 percent year-over-year growth in funding amount. At the same time, 2018 saw 66 new companies founded, an increase of 10 percent over 2017, which represented a rebound after a dip last year (60 new companies in 2017 vs. 83 in 2016). Notably, average seed round increased to $3.6M in 2018 from $3.3M in 2017. 2018 marked the fifth consecutive year the size of Israeli cyber seed rounds grew. Since 2014, the average seed round size has increased 80 percent.

With industry growth metrics of Israeli cybersecurity up across the board in 2018, 2017’s dip in new cyber startups appears to have been an outlier. Not only does entrepreneurial interest in cyber look to be on the rise, investor enthusiasm, especially at the early stages, signals a market brimming with opportunity. Growing round sizes are interesting, but more revealing is following where this capital is flowing.

Emerging fields supplanting “traditional” technologies

The top emerging fields among new startups in 2018 included new verticals within IoT security, security for blockchain and cryptocurrencies, cloud-native security and SDP (Software Defined Perimeter). These nascent verticals drew considerably more attention than more “traditional” cyber sectors such as network security, email security and endpoint protection. Of all the emerging sectors, IoT drew the most investment with funding reaching $229.5M across all stages. What makes IoT particularly interesting is its continual branching into various new sub-domains including automotive, drones and medical devices.

Shai Morag, CEO and co-founder of Secdo, an Israeli cybersecurity firm acquired for $100M by Palo Alto Networks in mid-2018, sees these trends accelerating. “Innovation is going to keep happening in these areas for the next few years. We’ll also see innovation in third-party supply-chain risk assessment and management. Another wide-open field for innovation is SMBs. They are an underserved market hungry for full-stack solutions. These emerging fields are where I’m seeing the most excitement.”

Breaking out data on seed round funding into cyber startups targeting emerging vs. traditional markets reveals an even more pronounced growth trend. 2018’s aggressive early stage funding rounds disproportionately focused on companies pursuing emerging fields within cybersecurity. Of the 33 seed rounds raised in 2018, 20 (61 percent) went to companies in emerging fields. Even more striking, the sum of all seed rounds for emerging tech companies in 2018 was $79M, a 76 percent year-over-year increase. The numbers are clear: there is overwhelming investor interest in emerging cyber tech.

For example, the two largest seed funding rounds this year were in the IoT security domain. VDOO, founded by ex-Cyvera entrepreneurs (Cyvera was acquired by Palo Alto Networks in 2014 for $200M) and developing security solutions for IoT vendors, raised an abnormally high seed round of $13M. Toka Cyber secured $12.5M in seed funding from Andreessen Horowitz and others to develop and expand its IoT cybersecurity platform for governmental agencies. Twistlock, a pioneering developer of cloud-native security solutions, raised a $33M series C this year. BigID, which protects sensitive data in light of GDPR and other privacy regulations, raised both A ($14M) and B ($30M) rounds during 2018.

As the more traditional cybersecurity markets continue to consolidate and mature, prospects dim for “me too” cyber startups. We see that the industry still faces pressing problems in need of innovative solutions. Looming labor shortages, GDPR and other global data privacy legislation, and the IoT explosion are major challenges presenting substantial opportunities to incumbents able to provide relief. Investors and entrepreneurs sense greenfield opportunities on the horizon and are racing to plant their flags before the competition. This new, divergent ecosystem is more selective of sophisticated, savvy investors and specialized, seasoned entrepreneurs.

Greenfields, not green founders

In 2018, 60 percent of founders had more than a decade’s worth of experience in the private sector–a 28 percent increase from 2017. The experience of these more seasoned founders came mostly from working in startups either as an executive or as an entrepreneur. Although Israel’s cybersecurity ecosystem relies heavily on the technical training potential entrepreneurs receive during service in the Israeli Defense Forces (IDF), in 2018, the proportion of founders coming straight out of the IDF fell to 2 percent, dropping from 10 percent the year before.

While nearly all Israeli founders leverage the skills and know-how acquired in the IDF’s various technological units, the need for experience from the private sector, either as an executive or an employee, seems to be more prevalent. Larger seed checks and larger ambitions are fuelling this push for more mature, veteran founders. Rising founders are not simply looking to build a novel technology and score a lucrative acquihire exit from an existing giant–they want to push into greenfield territory and stake a market-leading claim all their own.

Amichai Shulman, co-founder & former CTO of Imperva and a Venture Advisor at YL Ventures, gives such founders aiming to “own a market” the following advice: “Make sure you’re able to explain – primarily to yourselves – how your offering and product becomes something bigger than what it inherently is in the beginning. Be able to articulate how you expand (in the future) further into organizations, not just by ‘selling more’ but by solving bigger and more general problems.”

Cyber exits continue to overperform

Beyond general trends, 2018 also had many exciting individual exits. Checkpoint-Dome9 and CyberArk-Vaultive were notable because both acquirer and acquiree were Israeli — a mark of true market maturity. The acquisition of Sygnia by Singaporean holding giant Temasek also was remarkable because it shows that the Israeli cyber market continues to attract new classes and kinds of global strategic players each year. In addition, Thoma Bravo’s $2.1B acquisition of Israeli cyber firm Imperva made waves throughout the industry.

Tsahy Shapsa, co-founder of Cloudlock, which was acquired by Cisco in 2016 for $293M, reflected on the potential he sees coming from growing global investment. “From an entrepreneurial perspective, there is a constant dilemma between short-/mid-term exits and building a legacy company. As funding floods into Israel from around the world, temptation to sell early only increases. But all these exits have an advantage. They grow the pool of experienced, ‘repeat’ entrepreneurs and set the stage for more legacy companies to originate locally.” Zohar Alon, CEO and co-founder of Dome9 Security, which was acquired by Checkpoint in 2018 for $175M, added the following guidance: “Israeli entrepreneurs should establish and maintain a constant communication channel with the local corporate development leaders, same as most do with the VC community focusing on product and go-to-market synergies.”

Israeli cybersecurity maintaining momentum

In 2018, investors became more domain-focused and preferred emerging fields. With traditional cybersecurity consolidating, emerging greenfields signal much stronger potential. Furthermore, growth continued both in cybersecurity startups as well as their fundraising across all stages, indicating rising confidence in the Israeli cybersecurity market.

The 2018 Israeli cybersecurity market boasted an excellent exit climate, highlighted not only by Imperva’s large-scale acquisition but also by the diversity in the types of players in the space. As such, the local cybersecurity market signals its ability to create and nurture large-scale security vendors, thereby attracting a variety of both international and local players who continue identifying and capitalizing on opportunities in this domain. For 2018, as has been the case for many years past, the state of the cyber nation is strong–and 2019 appears to promise more of the same.

Australia rushes its ‘dangerous’ anti-encryption bill into parliament, despite massive opposition

Australia’s controversial anti-encryption bill is one step closer to becoming law, after the two leading but sparring party political giants struck a deal to pass the legislation.

The bill, in short, grants Australian police greater powers to issue “technical notices” — a nice way of forcing companies — even websites — operating in Australia to help the government hack, implant malware, undermine encryption or insert backdoors at the behest of the government.

If companies refuse, they could face financial penalties.

Lawmakers say that the law is only meant to target serious criminals — sex offenders, terrorists, and those suspected of homicide and drug offenses. Critics have pointed out that the law could allow mission creep into less serious offenses, such as copyright infringement, despite promises that compelled assistance requests are signed off by two senior government officials.

In all, the proposed provisions have been widely panned by experts, who argue that the bill is vague and contradictory, but powerful, and still contains “dangerous loopholes.” And, critics warn (as they have for years) that any technical backdoors that allow the government to access end-to-end encrypted messages could be exploited by hackers.

But that’s unlikely to get in the way of the bill’s near-inevitable passing.

Australia’s ruling coalition government and its opposition Labor party agreed to have the bill put before parliament this week before its summer break.

Several lawmakers look set to reject the bill, criticizing the government’s efforts to rush through the bill before the holiday.

“Far from being a ‘national security measure’ this bill will have the unintended consequence of diminishing the online safety, security and privacy of every single Australian,” said Jordon Steele-John, a Greens’ senator, in a tweet.

Tim Watts, a Labor member of Parliament for Gellibrand, tweeted a long thread slamming the government’s push to get the legislation passed before Christmas, despite more than 15,000 submissions to a public consultation, largely decrying the bill’s content.

The tech community — arguably the most affected by the bill’s passing — has also slammed the bill. Apple called it “dangerously ambiguous”, while Cisco and Mozilla joined a chorus of other tech firms calling for the government to dial back the provisions.

But the rhetoric isn’t likely to dampen the rush by the global surveillance pact — the U.S., U.K., Canada, Australia and New Zealand, known as the so-called “Five Eyes” group of nations — to push for greater access to encrypted data. Only earlier this year, the governmental coalition said in no uncertain terms that it would force backdoors if companies weren’t willing to help their governments spy.

Australia’s likely to pass the bill — but when exactly remains a mystery. The coalition government has to call an election in less than six months, putting the anti-encryption law on a timer.

Civil servant who watched porn at work blamed for infecting a US government network with malware

A U.S. government network was infected with malware thanks to one employee’s “extensive history” of watching porn on his work computer, investigators have found.

The audit, carried out by the U.S. Department of the Interior’s inspector general, found that a U.S. Geological Survey (USGS) network at the EROS Center, a satellite imaging facility in South Dakota, was infected after an unnamed employee visited thousands of porn pages that contained malware, which downloaded to his laptop and “exploited the USGS’ network.” Investigators found that many of the porn images were “subsequently saved to an unauthorized USB device and personal Android cell phone,” which was connected to the employee’s government-issued computer.

Investigators found that his Android cell phone “was also infected with malware.”

The findings were made public in a report earlier this month but buried on the U.S. government’s oversight website and went largely unreported.

It’s bad enough in this day and age that a government watchdog has to remind civil servants to not watch porn at work — let alone on their work laptop. The inspector general didn’t say what the employee’s fate was, but ripped into the Department of the Interior’s policies for letting him get that far in the first place.

“We identified two vulnerabilities in the USGS’ IT security posture: web-site access and open USB ports,” the report said.

There is a (slightly) bright side. The EROS Center, which monitors and archives images of the planet’s land surface, doesn’t operate any classified networks, a spokesperson for Interior’s inspector general told TechCrunch in an email, ruling out any significant harm to national security. But the spokesperson wouldn’t say what kind of malware was used — only that, “the malware helps enable data exfiltration and is also associated with ransomware attacks.”

Investigators recommended that USGS enforce a “strong blacklist policy” of known unauthorized websites and “regularly monitor employee web usage history.”

The report also said the agency should lock down its USB drive policy, restricting employees from using removable media on government devices, but it’s not known if the recommendations have yet gone into place. USGS did not return a request for comment.
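The two web-related recommendations above (a blocklist of unauthorized sites and regular review of employee web usage history) are easy to state and easy to leave unenforced. The following Python script is an added example, not part of the report or the article: it reviews constructed proxy log lines against a constructed blocklist, counts per-user blocklisted requests, and separates requests the proxy actually denied from ones it let through. The six-field log format, the hostnames, the usernames and the `ALLOW`/`DENY` action column are all assumptions for this example; a real proxy (Squid, Zscaler, etc.) has its own format and the parser would be adapted accordingly.

```python
"""Proxy log review against a site blocklist.

Added example illustrating two of the audit's recommendations: enforce a
blocklist of unauthorized websites and review employee web usage history.
The log format, blocklist entries and usernames are constructed for this
example and are not taken from the inspector general's report.
"""
from __future__ import annotations

from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Constructed blocklist: each host and all of its subdomains are unauthorized.
BLOCKLIST: Set[str] = {"adult-example.test", "malware-cdn.test"}

# Constructed proxy log: timestamp, user, client IP, host, path, proxy action.
SAMPLE_LOG = """\
2018-10-01T09:12:01Z jdoe 10.1.1.7 intranet.example.test /home ALLOW
2018-10-01T09:12:44Z jdoe 10.1.1.7 adult-example.test /gallery/1 ALLOW
2018-10-01T09:13:10Z jdoe 10.1.1.7 img.adult-example.test /pic.jpg ALLOW
2018-10-01T09:14:02Z jdoe 10.1.1.7 malware-cdn.test /update.exe ALLOW
2018-10-01T09:20:33Z asmith 10.1.1.9 intranet.example.test /reports ALLOW
2018-10-01T09:21:05Z asmith 10.1.1.9 adult-example.test /login DENY
this line is malformed and must be skipped
"""


@dataclass(frozen=True)
class ProxyEvent:
    timestamp: str
    user: str
    client: str
    host: str
    path: str
    action: str


def parse_line(line: str) -> Optional[ProxyEvent]:
    """Split one space-separated log line; malformed lines yield None."""
    parts = line.split()
    if len(parts) != 6:
        return None
    return ProxyEvent(*parts)


def is_blocked(host: str, blocklist: Set[str]) -> bool:
    """True if host is a blocklisted domain or a subdomain of one.

    Suffix matching is done on a dot boundary so that 'notadult-example.test'
    does not match 'adult-example.test'.
    """
    host = host.lower().rstrip(".")
    return any(host == b or host.endswith("." + b) for b in blocklist)


def review_log(text: str, blocklist: Set[str]) -> Dict[str, dict]:
    """Per-user summary of blocklisted requests.

    'denied' counts requests the proxy stopped; 'allowed_blocked' counts
    requests to blocklisted hosts that the proxy let through, i.e. evidence
    that the blocklist policy is not actually being enforced.
    """
    report: Dict[str, dict] = defaultdict(
        lambda: {"allowed_blocked": 0, "denied": 0, "hosts": Counter()}
    )
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is None or not is_blocked(ev.host, blocklist):
            continue
        entry = report[ev.user]
        entry["hosts"][ev.host] += 1
        if ev.action == "DENY":
            entry["denied"] += 1
        else:
            entry["allowed_blocked"] += 1
    return dict(report)


def policy_gaps(report: Dict[str, dict]) -> list:
    """Users who reached blocklisted hosts despite the policy, sorted by name."""
    return sorted(u for u, e in report.items() if e["allowed_blocked"] > 0)


if __name__ == "__main__":
    summary = review_log(SAMPLE_LOG, BLOCKLIST)
    for user in policy_gaps(summary):
        e = summary[user]
        print(f"{user}: {e['allowed_blocked']} blocklisted requests allowed, "
              f"hosts={dict(e['hosts'])}")
```

Run on the constructed log, the script flags `jdoe`, whose three requests to blocklisted hosts were allowed, while `asmith`'s single attempt was denied and so only shows up as a policy working as intended. The same split between "denied" and "allowed but should have been denied" is what turns a web usage review from a list of sites into a check that the blocklist control is actually in force.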