Stage: Series A - III | Alive
Last Raised: $6M | 2 mos ago
CYFIRMA offers an external threat landscape management platform. The company combines cyber intelligence with attack surface discovery and digital risk protection to deliver warning, personalized, outside-in, and multi-layered insights. Its cloud-based AI and ML-powered analytics platform provides the hacker’s view with deep insights into the external cyber landscape, helping clients prepare for impending attacks. This company was founded in 2017 and is based in Singapore.
CYFIRMA's Products & Differentiators
The company’s flagship product, DeCYFIR, arms governments and businesses with personalized intelligence where insights are tailored to their industry, geography and technology. DeCYFIR provides clients with multi-layered intelligence covering strategic, management and operational insights. DeCYFIR’s ability to combine cyber-intelligence with attack surface discovery, vulnerability intelligence, brand intelligence, situational awareness and digital risk protection sets it apart from the competition. The platform provides risk and hackability scores to help clients prioritize security actions. Clients also receive insights that will enable them to conduct effective intelligence hunting and attribution, connecting the dots between hacker, motive, campaign and method to gain a comprehensive view of their threat landscape.
Expert Collections containing CYFIRMA
Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.
CYFIRMA is included in 2 Expert Collections, including Artificial Intelligence.
This collection includes startups selling AI SaaS, using AI algorithms to develop their core products, and those developing hardware to support AI workloads.
Latest CYFIRMA News
Apr 19, 2023
April 18, 2023

CYFIRMA recently detected a cyber-attack on a person living in Kashmir, India, and obtained two malware pieces from the victim’s mobile download folder. The investigation of these samples links the recent cyber-attack to DoNot APT, which has a long-standing record of activity in the area.

It seems the perpetrator behind the cyber-attack exploited third-party file-sharing websites to distribute malware to the victim’s mobile device. Due to this, the downloaded files get saved in the main download folder of the victim’s device. It might be possible that the attacker created their own file-sharing website to deploy the malware.

Interestingly, the malware samples were disguised as chat apps named:
Ten Messenger.apk
Link Chat QQ.apk

This threat actor has carried out cyber attacks in the South Asian region since 2016, when it was first found to be active.

The earlier campaign’s Android samples had encrypted strings that utilized the Base64 algorithm. Unlike the previous campaign’s samples, the team discovered that the strings in the current sample had two encryption layers with CBC mode and PKCS padding:
Base64

The code was hard to comprehend because it was obfuscated and safeguarded using ProGuard.

According to the CYFIRMA technical analysis report of the attack shared with GBHackers, it aligns with DoNot APT’s modus operandi, as they have previously targeted entities in this region. The threat actor has employed spear-phishing tactics against their adversaries in various industries and locations in the past. However, it’s unclear what the motive was behind the recent attack.

The recent attack by DoNot APT on an individual in Kashmir does not surprise the threat intelligence community, since this group has repeatedly targeted NGOs and other entities in the following regions in the past:
Kashmir
Pakistan

It is possible that the threat actor used popular messaging apps such as WhatsApp to initiate a social engineering attack and deliver the malicious app. In contrast to other messaging apps, WhatsApp does not save attachments to the download folder; instead, they are saved in the WhatsApp media location.

Technical Analysis

The victim will be prompted to open the application as soon as the Android malware sample has been installed. Once the victim opens the app, it prompts them to enable the accessibility service through a repeated alert every time they open the app, until the victim enables it.

Once the victim clicks on “Ok,” the app directs them to the Accessibility settings page and requests that they enable Accessibility by turning on “Link Chat.” The app then conceals itself from the main menu and limits the victim’s ability to uninstall it.

The malicious app’s Android Manifest file contains a snippet revealing its attempt to acquire various permissions. By doing so, the app could execute malicious activities, harming the victim’s device and privacy. The permissions it asks for are:
READ_CALL_LOG: This enables actors to read and fetch call logs.
READ_CONTACTS: This permission allows the threat actor to read and fetch contacts.
READ_SMS: This permission enables the threat actor to read the victim’s received and sent SMSs.
READ_EXTERNAL_STORAGE: This allows threat actors to explore and fetch data from the file manager.
WRITE_EXTERNAL_STORAGE: This allows threat actors to delete and move files.
STORAGE: This gives access to mobile internal storage, to view and access files.
ACCESS_FINE_LOCATION: Allows the threat actor to fetch precise locations and track the live movement of mobile phones.
WRITE_CALL_LOG: This allows the threat actor to delete numbers from call logs.
GET_ACCOUNTS: This allows the threat actor to extract emails and usernames used to log in to various internet platforms.

In order to decrypt the string, it was determined that the playstoree[.]xyz domain is involved. In addition to being one year old, the suspected IOC is part of the notorious DoNot APT group. The string is encrypted and decrypted by a class using a secret key.

Monitoring of compromised victims’ outgoing and incoming calls is performed using the following permissions:
android.intent.action.NEW_OUTGOING_CALL
android.intent.extra.PHONE_NUMBER

A new sample with a different name was discovered during the analysis carried out by security experts. However, except for the command and control domain, the code used in the present sample is the same as the code they have previously analyzed.

The attackers continuously focus on individuals in Kashmir, using relatively unsophisticated attack methods. Apart from this, the threat actors have been observed using the same TTPs for the past two years, which indicates a lack of innovation in their attacks.
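A defender's triage of a decoded AndroidManifest.xml for the traits the report describes (an accessibility service, the listed data permissions, and an outgoing-call hook), given here as an added example that is not part of the report or of CYFIRMA's tooling. The sample manifest, its component names, the function name and the threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
CALL_ACTION = "android.intent.action.NEW_OUTGOING_CALL"
# Permissions named in the report ("STORAGE" is skipped: not a full permission name).
REPORTED = {"READ_CALL_LOG", "WRITE_CALL_LOG", "READ_CONTACTS", "READ_SMS",
            "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
            "ACCESS_FINE_LOCATION", "GET_ACCOUNTS"}

# Constructed sample of a decoded manifest; component names are invented
# for illustration and are not taken from the analysed APKs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".ChatA11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".CallReceiver">
      <intent-filter>
        <action android:name="android.intent.action.NEW_OUTGOING_CALL"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage_manifest(xml_text, min_permissions=4):
    """Flag an accessibility service plus >= min_permissions (assumed threshold) reported permissions."""
    root = ET.fromstring(xml_text)
    name = ANDROID + "name"
    requested = {p.get(name, "").rsplit(".", 1)[-1] for p in root.iter("uses-permission")}
    matched = sorted(requested & REPORTED)
    a11y = [s.get(name) for s in root.iter("service")
            if s.get(ANDROID + "permission") == A11Y_BIND]
    call_hooks = [r.get(name) for r in root.iter("receiver")
                  if any(a.get(name) == CALL_ACTION for a in r.iter("action"))]
    return {
        "matched_permissions": matched,
        "accessibility_services": a11y,
        "outgoing_call_receivers": call_hooks,
        "suspicious": bool(a11y) and len(matched) >= min_permissions,
    }
```

A hit is a prompt for manual review rather than a verdict, since legitimate apps can also request several of these permissions.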
CYFIRMA Frequently Asked Questions (FAQ)
When was CYFIRMA founded?
CYFIRMA was founded in 2017.
Where is CYFIRMA's headquarters?
CYFIRMA's headquarters is located at 6 Raffles Quay, Singapore.
What is CYFIRMA's latest funding round?
CYFIRMA's latest funding round is Series A - III.
How much did CYFIRMA raise?
CYFIRMA raised a total of $18M.
Who are the investors of CYFIRMA?
Investors of CYFIRMA include Larsen & Toubro, OurCrowd, Z3Partners, Goldman Sachs, Zodius Capital and 3 more.
Who are CYFIRMA's competitors?
Competitors of CYFIRMA include Digital Shadows and 5 more.
What products does CYFIRMA offer?
CYFIRMA's products include DeCYFIR and 1 more.
Who are CYFIRMA's customers?
Customers of CYFIRMA include Mitsubishi Motors and SkyPerfect.
Compare CYFIRMA to Competitors
Nisos is a technology-enabled cyber-service and investigations firm through the practice of Active Defense. Active Defense provides the commercial sector the means to protect its assets, inform its decision-making, and defend its position in a market under growing attack by advanced adversaries. The company was founded in 2015 and is based in Alexandria, Virginia.
Flashpoint delivers business risk intelligence (BRI) services. The company's data, expertise, and technology enable customers to glean intelligence that informs risk and protects their ability to operate and offers to bolster cybersecurity, confront fraud, detect insider threats, enhance physical security, and more. It was founded in 2011 and is based in New York, New York.
Cybersixgill is a cyber threat intelligence company that covertly and automatically analyzes Dark Web activity detecting and preventing cyber-attacks and sensitive data leaks before they occur. Utilizing advanced algorithms, Cybersixgill's cyber intelligence platform provides organizations with continuous monitoring, prioritized real-time alerts, and actionable intelligence. Through advanced data mining and social profiling, Cybersixgill examines threat actors and their patterns of behavior, identifying and predicting cybercrime and terrorist activity.
Recorded Future provides intelligence-related solutions to reveal unknown threats. It delivers threat intelligence powered by patented machine learning to significantly lower risk, empowering organizations to reveal unknown threats before they impact business and enabling teams to respond to security alerts. The company was founded in 2009 and is based in Somerville, Massachusetts.
ImmuniWeb reduces the complexity and costs of application security, software development, and compliance. ImmuniWeb AI Platform illuminates external attack surfaces, public code repositories and Dark Web exposure for a well-informed, risk-based and DevSecOps-enabled application penetration testing.
V.U.L Nine Security Solutions, dba VUL9 Security Solutions, is a provider of solutions for Information Security, Logistical and Technological crisis management, as well as cyber warfare. The company specializes in surveying the penetrability of data systems and providing practical solutions that are in-line with the client's cost-benefit ratio.