
Estonia’s Blackwall Raises €45 Million to Enhance SMB Cybersecurity
- Written by Andrea Miliani Former Tech News Expert
- Fact-Checked by Sarah Frazier Former Content Manager
The Estonian startup Blackwall raised €45 million—around $49.2 million—in its latest funding round to continue developing products that protect small and medium-sized businesses (SMBs) from malicious online threats.
In a Rush? Here are the Quick Facts!
- Estonian cybersecurity startup Blackwall secured €45 million in a Series B funding round led by Dawn Capital.
- The investment aims to enhance Blackwall’s AI-driven security solutions, including its flagship product, GateKeeper, to better protect SMBs from online threats.
- Blackwall plans to use the funds to double its workforce and expand into U.S. and Asia-Pacific markets.
According to TechCrunch, the recent investment comes from a Series B round and will go toward developing Blackwall’s technology, including GateKeeper, its flagship product—an AI-powered reverse proxy that analyzes a website’s traffic and identifies and blocks malicious requests.
Blackwall, previously known as Botguard, was founded in 2019 as a solution for the increasing cyberattacks affecting all companies and e-commerce across the globe.
“The main difference is that large enterprises typically can survive with that,” explained Blackwall’s CEO and co-founder Nikita Rozenberg. “Most of these threats can simply kill small businesses.”
The company changed its name to Blackwall—inspired by the video game Cyberpunk 2077—as its owners began to expand its services beyond attacks related to bots.
They have also partnered with hosting service providers—who also need external alliances to meet clients’ needs—so that potential customers can include the cybersecurity products in their offering.
Blackwall’s growth and business strategy have attracted the interest of Dawn Capital, one of the main investors in the company.
The startup has now partnered with more than 100 companies, and its services are being used by more than 2.3 million websites and apps. With the new investment, Blackwall expects to continue its expansion to the United States and APAC markets and keep developing its technologies.
One of its competitors, Cloudflare, has also been developing AI-powered tools to help customers avoid AI bots.

Over 6,000 Routers Still Vulnerable As Ballista Botnet Expands
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Sarah Frazier Former Content Manager
A newly discovered botnet called Ballista is actively targeting TP-Link Archer routers, exploiting a known security flaw to spread across the internet, according to cybersecurity researchers at Cato Networks.
In a Rush? Here are the Quick Facts!
- Over 6,000 vulnerable routers remain online despite CISA’s patching advisory.
- Ballista has targeted organizations in the U.S., Australia, China, and Mexico.
- Researchers suspect the botnet may enable data theft and is evolving on GitHub.
The botnet takes advantage of a firmware vulnerability, tracked as CVE-2023-1389, which allows attackers to gain remote access to unpatched TP-Link routers.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has already flagged the flaw, urging agencies to patch their devices. Despite this, more than 6,000 vulnerable routers remain online, according to a search on cybersecurity platform Censys.
Cato Networks first detected the Ballista campaign on January 10, noting several infiltration attempts, with the latest recorded on February 17.
The botnet’s malware lets attackers execute commands on compromised devices, raising concerns that its creator—who is believed to be based in Italy—may have larger goals beyond typical botnet operations.
“We suspect we caught this campaign in its early stages,” said Matan Mittelman, threat prevention team leader at Cato Networks, as reported by The Record. “We saw it evolving, as within a short timeframe, the threat actor changed the initial dropper to allow stealthier connections to the C2 server through the Tor network,” he added.
Ballista has already targeted organizations in manufacturing, healthcare, technology, and services across the U.S., Australia, China, and Mexico. The malware completely takes over infected routers, reads their configuration files, and then spreads to other devices.
Cato’s security team also found evidence that the botnet may be capable of data theft. While the original IP address linked to the hacker is no longer active, researchers discovered an updated version of the malware on GitHub, indicating that the attack campaign is evolving.
Cato researchers noted that the campaign appears to be growing more sophisticated. While the malware shares some traits with other botnets, it remains distinct from well-known ones like Mirai and Mozi.
The persistent targeting of internet routers by hackers is nothing new. Experts say IoT devices like routers are prime targets due to weak passwords, poor maintenance, and a lack of automatic security updates.
Mittelman explained that over the years, major IoT botnets such as Mirai and Mozi have demonstrated how easily routers can be exploited, and threat actors have taken advantage of this.
He highlighted two key factors that have contributed to the issue: users often neglect to update the firmware on their routers, and router vendors generally fail to prioritize security.
TP-Link routers have been a recurring security concern. The Wall Street Journal recently reported that U.S. agencies are considering banning them due to repeated exploitation by Chinese hackers.