PayPal to pay $60m for Israeli security startup CyActive

CyActive's predictive cyber-defense system is the US firm's second acquisition in Israel.
Written by David Shamah, Contributor

In what will be its second acquisition in Israel, PayPal is set to acquire Israeli cybersecurity firm CyActive.

CyActive says its technology can predict what malware hackers will develop next - allowing developers to devise mitigations for an attack before the malware behind it is even created.

Neither PayPal nor CyActive would comment on the acquisition, but a source close to the deal said it was worth at least $60m.

Both PayPal and its soon-to-be-ex-parent company eBay are no strangers to the Israeli startup ecosystem. In 2008, PayPal acquired Israeli risk tools and analytics firm Fraud Sciences. eBay, meanwhile, has a Tel Aviv-based research and development center, based on the buyouts of two Israeli startups: Magento, an open source online retail platform, acquired in 2011; and The Gifts Project, a social commerce company that lets friends buy gifts together online, also acquired in 2011.

PayPal has been active in the Israel tech space for some time. In November, for example, PayPal awarded Israeli startup AirHop $100,000 in its BattleHack for Good contest.

The startup has produced an app which uses an iOS feature called the Multipeer Connectivity Framework, which enables app developers to cobble together a peer-to-peer network using Wi-Fi, Bluetooth, and other connection protocols, allowing users to create a mesh network where one can 'borrow' someone else's connectivity - for example, when they've exceeded the call minutes or mobile data on their plan.

AirHop's technology would also enable travelers abroad to take advantage of a local user's cellphone service plan without having to buy one themselves, with PayPal supplying the network of individual 'service providers'.

Calling AirHop "extraordinary," John Lunn, a senior director at PayPal and BattleHack judge, said that it was "absolutely disruptive. What [the team from] Tel Aviv built from a technology standpoint was incredible. I've never seen it before."

CyActive is also aiming to exploit existing resources to come up with new solutions with its tech. According to CyActive CEO Leron Tancman, malware - like legitimate programs - is derivative, and even advanced versions have the same core components as their predecessors. "You can see very clearly what the 'exploitation kill chain' is, the methods hackers are using now and the variants they are likely to use," Tancman told ZDNet recently. "Even the major attacks of recent years, like Flame, Stuxnet, and others, use a similar core."

In fact, a report issued in December by CyActive indicates that a particularly severe attack - the Sony hack that leaked sensitive emails and cost the company $15m - consisted of a "warmed over" attack that had been used several times before.

"There is much similarity, both in code and methods, between the malware that hit Sony - Trojan Destover\BKDR_WIPALL.A - and two other data-erasing malware - Disttrack\Shamoon - that hit Saudi company ARAMCO in 2012, and the DarkSeoul attack on South Korean banks and TV broadcasters in 2013," CyActive said in its report. "Even in such damaging scenarios, the cyber attacker's tools are reused. For them, if it worked once, tweak it a bit and it will work again. The attack on Sony demonstrates quite clearly that this method works quite well."

PayPal has other security assets in Israel. It calls on Israeli white-hat hacker Shai Rod for his pentesting services and uses his hacking skills to penetrate the company's servers in order to determine how secure they really are.

Rod has consistently been on the worldwide list of top ten PayPal pentesters in its Bug Bounty program for most of the past three years. Among his accomplishments for PayPal is the discovery of an app that would have enabled hackers to easily reach administrator pages. These pages would give a hacker control of a wide swath of the PayPal system, including the parts connected to transactions, which could have led to a devastating financial loss. "I reported this issue to PayPal," said Rod. "The application was removed immediately and is no longer available."

What's unique about the CyActive deal is that the startup is barely a year old - and it has been the object of a great deal of attention from investors, both within Israel and abroad. Among the investors in CyActive is SFS VC, the venture capital unit of Siemens.

CEO Ralf Schnall told ZDNet recently the investment firm was "particularly excited" by CyActive's approach "to securing industrial and utilities assets. CyActive's founders are leaders in the field and the company's unprecedented cyber security technology turns the economic equation in favor of the defender."
