As cyberattacks peak, so does the demand for Profero's services

Cybersecurity is far more than just a business for Omri Segev Moyal. It became personal long ago as well as a means by which to aid those in need of his expertise. In some cases, it also ended up being a matter of life or death.

Moyal is the CEO and co-founder of Israeli cybersecurity company Profero that specializes in incident response, meaning it helps companies address and manage the aftermath of a security breach or cyberattack.

Moyal founded Profero with CTO Guy Barnhart-Magen in 2019 and the company has grown significantly since, although Moyal refuses to reveal exactly by how much in order not to play into the hands of those aiming to harm it and its clients. Moyal, who is also the co-founder of Minerva Labs and the former CTO of ClearSky Cyber Security, was willing to say that Profero employs experts from across the world, aiming to provide an around the clock service to companies in their time of need. He likened the company to Israel's National Counter Terrorism Unit due to the way in which it attracts top talent from the mlitary's elite combat units..

"We identified a huge shortage of IR (incident response) experts across the world and that it is especially difficult to reach locations at a reasonable time. Even big global companies that do IR don't have representatives in every country and it sometimes takes them many hours or days to reach a location," Moyal told CTech. "I realized that there are many cybersecurity solutions, but very few people who specialize in IR. This is really the cream of the crop of cybersecurity. You need to be knowledgeable regarding many types of enterprises and systems and be an expert in security in each of the sectors. There are very few people who can do that and it is very challenging. It is a high-pressure job, that includes working around the clock. That is why we set up a company with people from all over the world, including New Zealand, Singapore, Israel, Germany, the UK, U.S., and Colombia. This isn't something that many companies can provide. Many companies say that they provide IR but there are maybe three companies in Israel that actually do so and several dozen in the entire world.”

Moyal said Profero were experts in solving problems remotely well before the Covid-19 outbreak. "It is a little sad to say, but the pandemic slightly played into our hands as everything became remote. We were really ready for this change and knew exactly how to operate in these conditions. Together with the move to remote work, there was also a massive increase in the number of attacks, which is something I think everyone felt."

Moyal said Profero struggles to meet the demand for its services, forcing him to turn away many potential clients. "In December, when the Pay2Key ransomware operation peaked, we turned down requests from 23 companies who wanted to hire our services," said Moyal. "It wasn't that we didn't want to help them, but we simply couldn't. We were addressing 14 other cases simultaneously at that time. Many companies understood then that if they don't secure our services in advance we might not be able to help them at the crucial time when they face a significant incident. Our business model is based on helping companies when they have an incident, but we also understand that when it comes to big organizations we will give them a guarantee that we will be there when they need us in return for a retainer. We work with them before there is any incident and help improve their security and then if they have an incident we already know how the organization operates and that helps us neutralize it quickly. This proved itself recently with a pretty big organization in Israel that hired our services in advance and we identified an incident very early on and instead of finding themselves in the news after a hack we were there to close it down very quickly."

Profero was involved in aiding several companies that found themselves under attack as part of the SolarWinds hack, as well as several other notable attacks which Moyal couldn’t disclose.

Profero is bootstrapped and isn't seeking any external investment despite plenty of interest. It is continuing to grow both in Israel and abroad, and is hoping to especially bring in new female employees.

"We receive many approaches to invest in the company, both from Israel and abroad, but right now we aren't interested. Perhaps in the future, if we want to turn our technology into a product, but right now that isn't our focus," said Moyal.

Moyal has been deeply involved in cybersecurity for over a decade, including on a personal level. "I think I was the first person to report an Iranian cyberattack in Israel back in 2013. Iranian hackers also tried to attack me personally in 2013. My revenge was to find out who they were and publish their personal details. They made it personal so I decided to post online who they were including their personal details. I also released their attack tools. These were hackers belonging to APT34 and OliRig, which belong to the Iranian Revolutionary Guard and the Iranian intelligence," said Moyal.

This past October, Profero and ClearSky released a report detailing Iranian cyberattacks on Israeli companies. According to the report’s findings, the attack used malware aimed at encrypting computers and blocking users from accessing them, similarly to a ransomware only without demanding money. The Iranian hackers would have been capable of blocking Israeli companies from accessing their data, a troubling scenario especially during the work from home era, and the increased use of digital means to carry out commercial and economic transactions.

Moyal revealed that the person who provided him the information on the Iranian hackers was Masoud Molavi Vardanjani, a critic of Iran’s political and military leadership, who was murdered in Istanbul 15 months ago. It was confirmed on Friday that Turkey had arrested an Iranian official suspected of instigating the killing of the dissident, with a man named Mohammad Reza Naserzadeh being detained earlier in the week on suspicion of planning the shooting.

"When I travel abroad I don't publicize where I'm flying to. For example, I flew to South Africa and only posted pictures from my trip after I returned. These are precautions which you learn that you have to take. When I flew to China it was only with the invitation of the Chinese government and they provided really heavy security. They gave me a hotel room next to that of former Prime Minister Ehud Barak. This is part of this world," said Moyal. "On the one hand, you may publish something about the Chinese government attacking companies while on the other, you will travel to lecture in China at the invitation of the government."

Profero and fellow cybersecurity company Security Joes published a report last month revealing that a state-sponsored Chinese hacking team is believed to have targeted major gaming companies in a ransomware attack. According to the companies, after an extensive investigation into an incident involving ransomware and the encryption of several core servers, their teams were able to discover samples of malware linked to a campaign reported on by TrendMicro1, known as DRBControl, with links to both APT groups: APT27 and Winnti. APT27 is believed to be a state-sponsored Chinese APT group, focused on cyberespionage and theft of information and data. Following these attacks, the hackers demanded ransom in the excess of $100 million in Bitcoin. However, the sum was never transferred, with Security Joes and Profero managing to thwart the attack and minimize the damage.

Profero has been receiving more and more approaches since the outbreak of the pandemic to help in cases of sextortion in which people are blackmailed by hackers threatening to release sexual images or embarrassing information. Moyal said Profero has decided to come to the help of these people pro bono and is calling on those victims who have paid attackers to approach them and provide information (Cryptotracking@profero.io) that will enable Profero to track them down.

"Since the outbreak of the pandemic, we have been getting many approaches related to sextortion. In one of these cases, it was a CEO of a leading company. We have had many others come to us after finding themselves in a similar situation," said Moyal. "We discovered that the best solution in cases like this is to simply cut any communication with the attackers and not pay them. The attackers will not publish information even of senior figures because they know that will result in more attention from law enforcement bodies. These attackers strike thousands of people a month and hope that as many as possible will be scared enough to pay them. They just leave alone anyone who doesn't cave into their demands. Those who pay also won't usually file a complaint because they have already paid.

"We are calling on anyone who was attacked and paid to come to us and provide information," added Moyal. "We are working on identifying and tracking Bitcoin payments made to the attackers and we need a little more information to track these attackers, which is something that police hasn't managed to do. In our company's mission statement we wrote that we will also work to help the community, and we did that, for example, when we assisted with the securing of the Ministry of Health's Covid-19 location-based mobile app HaMagen, and we are doing so in this case as well."