Two years ago, a popular ransomware-as-a-service group's source code got leaked. Now other ransomware groups are using it for their own purposes.

Over the past year, 10 different ransomware families have utilized leaked Babuk source code to develop lockers for VMware ESXi hypervisors.

Hypervisors are programs used to run multiple virtual machines (VMs) on a single server. By targeting ESXi, hackers may be able to infect multiple VMs in an enterprise environment more directly than they could through conventional means.

A few of the Babuk-based ESXi ransomwares are associated with major threat actors like Conti and REvil. And according to Alex Delamotte, senior threat researcher at SentinelOne, a majority of them have been utilized in real-world attacks in recent months.

"It looks like it's an effective model," says Delamotte, who published the new research this week. "As long as they stay profitable, hackers are going to keep using these lockers. And it does seem like they work."

**How We Got Here**

Babuk was a popular though imperfect ransomware-as-a-service (RaaS) offering, first circulated in early 2021.

In September 2021, its business model was interrupted when one of the original creators had a moment of reckoning. "One of the developers for Babuk ransomware group, a 17 year old person from Russia, has been diagnosed with Stage-4 Lung Cancer," vx-underground, a repository for malware source code, wrote in a tweet. "He has decided to leaked the ENTIRE Babuk source code for Windows, ESXI, NAS."

**Babuk As a Baseline**

Since then, threat actors have been using Babuk's various leaked tools as a baseline for crafting new malicious payloads.

For instance, in their report published May 4, researchers from Sentinel Labs identified significant overlaps between the Babuk ESXi ransomware builder and ten other ransomware families: Cylance, Dataf Locker, Lock4, Mario, Play, Rorschach, RTM Locker, XVGV, RHKRC — closely associated with the REvil group's Revix locker — and "Conti POC" — a proof of concept from the notorious and now largely defunct ransomware group.

Delamotte says Mario, Rorschach, XVGV, and Conti POC have all been utilized in attacks already, and users on Bleeping Computer forums have reported being victim to Dataf Locker and Lock4.

**Why Hackers Target ESXi**

VMware ESXi, a "bare metal" hypervisor, uses no operating system as a buffer ("bare metal"), instead interfacing directly with logic hardware. It's installed directly onto a physical server with unfettered access and control over the machine's underlying resources.

All of this is what makes ESXi a powerful platform for IT administrators and, by the same token, hackers. Bad actors can aim to hit multiple VMs running on a single virtual server, utilizing "built-in tools for the ESXi hypervisor to kill guest machines, then encrypt crucial hypervisor files," Delamotte explained in the report.

Enterprises running VMware's ESXi need to be cautious, though the fix is straightforward.

"The most important thing is to ensure that any access — especially management access, to something like an ESXi hypervisor — is very limited," Delamotte advises. "You want to have good role-based access controls and definitely MFA wherever possible on any service account."

Strict, effective access controls should be enough to insulate the vulnerable. "I don't really see any situation," she says, "where somebody can move on to this kind of server without having admin privileges."

Multiple Ransomware Groups Adapt Babuk Code to Target ESXi VMs

Awarded individuals and companies are trailblazers in third-party risk management.

**DENVER--(****BUSINESS WIRE****) --** CyberGRX, provider of the world's first and largest global risk exchange, today announced the winners of the inaugural Cyber Risk Nation Awards. These awards honor leaders who have taken control of their corporate third-party risk management (TPRM) programs, proving that it is possible to overcome the limitations of traditional risk management.

The cyber threat landscape is constantly changing, impacting risk levels and priorities at a company level and within the broader ecosystem. These honorees have implemented malleable risk management strategies that adjust to the positive—and negative—changes in cyber risk that ultimately impact business continuity, reputation, and profitability. Because of the work of these forward-thinking leaders, risk management is solidifying its position as a core business function, serving as a catalyst for new business deals, technology integrations, regulatory compliance requirements, and more.

CyberGRX is proud to recognize the following individuals and their companies for elevating their TPRM programs. The success realized as a result of their endeavors is widely recognized amongst their peers:

*   **Exchange Champion:** Jacob Luna, Director of Client Security Advocacy at ADP
*   **Modern Risk Management Leader:** Joanna Soles, Senior Director, Information Security Corp & Global Functions BISO, Third-Party Risk, PCI at PepsiCo
*   **Innovator of Data:** Nimesh Patel, Global Head of Third Party Assurance, Third Party Risk Management and Cyber Assurance Expert at Barclays
*   **Partner of the Year:** Genevieve White, Head of Security Sales at Telstra
*   **VRM Solution of the Year:** Akhila Managoli, Senior Partner Solution Architect at ServiceNow
*   **TPRM Market Mover:** Rani Urbas, Global Head of Enterprise Trust at Google Cloud
*   **Thought Leader of the Year:** David Wilson, Director, Compliance Assurance at ACI Worldwide

"The winners of the inaugural Cyber Risk Nation Awards have each challenged the status quo to explore new risk management tactics, spearheading dialogue with both internal and external stakeholders to bring innovation into their environments," said Fred Kneip, CEO, CyberGRX. "We are proud to witness the work being done by these individuals and the contributions they have made to their organizations' security programs and the larger community."

As leaders mature their risk management programs, they are increasingly leveraging cyber risk intelligence and insights into emerging threats to pinpoint control gaps where third-parties are not meeting quality standards in their own risk posture. This allows the organizations themselves to assess and take steps to ensure proper cyber defenses. Additionally, by making a standardized assessment available early on in the audit process, organizations can eliminate the need to complete over 70% of incoming security questionnaires and accelerate the sales cycle for their business. As a result, the majority of organizations realize ROI within the first year of maturing their vendor risk management program with CyberGRX.

Genevieve White, Head of Security Sales at Telstra said "Our relationship with CyberGRX helps make us a stronger business partner, through enabling us to assess and mitigate risk, and helps to deliver our customers an approach to third party risk management from procurement and onboarding to engagement."

In the coming weeks, CyberGRX will be hosting podcasts with the winners, discussing in depth the way they tackle third-party risk management at their organizations. To learn more, visit https://www.cybergrx.com/cyberrisknation.

**About CyberGRX**

CyberGRX is the world’s first and largest third-party risk Exchange, equipping organizations with unparalleled cyber risk intelligence. Powered by 13,000 attested assessments, 250,000 company profiles, data on 425 of the 500 most commonly requested vendors, and 100% standardized data, only CyberGRX provides third-party threat intelligence, predictive risk insights, outside-in scanning and scoring, and a portfolio-wide view of security gaps. As a result, cybersecurity professionals can plan appropriately, make decisions confidently, and sleep soundly. CyberGRX is trusted by leading brands around the globe and was designed with partners including Aetna, Blackstone, and MassMutual. Learn more at CyberGRX.com.

CyberGRX Announces Winners of the Inaugural Cyber Risk Nation Awards

Law enforcement will likely find it much harder to take down criminal activities on the "deepverse."

RSA CONFERENCE 2023 – San Francisco – As the metaverse takes shape over the coming years, many of the security issues afflicting cyberspace will begin to spill over into virtual space as well.

One of the biggest of these threats will be the emergence of a new "darkverse," where criminals will be able to operate with greater impunity and more dangerously than they are able to do now on the Dark Web, two researchers from Trend Micro said at an RSA Conference 2023 session in San Francisco, April 26.

The metaverse is a somewhat loosely used term to describe a virtual space where people can interact with other individuals and organizations in a computer-generated version of the physical world. Just like how massive multiplayer online games allow individuals to create digital avatars of themselves and interact with other gamers in fantasy worlds, a full-fledged metaverse will allow individuals to shop, work, socialize and do other activities in a virtual replica of the physical world.

The same phenomenon will happen in the cybercrime underground, the researchers warned. Just like the Dark Web exists on an unindexed deep Web, the darkverse will operate within an unindexed "deepverse" that law enforcement will find hard to penetrate, they noted: The space will offer a safe haven for criminal spaces, extremist spaces, purveyors of child pornography, and those seeking to harass others.

Numaan Huq and Philippe Lin, senior threat researchers at Trend Micro, were two authors of a report last year on how security and privacy threats will likely emerge and evolve in the metaverse as more people begin to use it. Among the threats they identified in the report were amplified versions of some existing issues such as social engineering, financial fraud, and privacy risks, and some new ones such as risks related to NFTs, cyber-physical threats, and more.

**A Nearly Impenetrable 'Darkverse'**

The threats are a distance away from materializing, Huq and Linn said in a conversation with Dark Reading before their talk. "But the bad guys are already talking about how to make a profit in the metaverse," cautions Lin. "If \[organizations\] just ignore the threat and don't invest in trying to address them soon, they could lose more in future," he notes.

Trend Micro itself describes the metaverse as a "cloud distributed, multi-vendor, immersive, interactive operating environment that users can access through different categories of connected device." The metaverse will leverage Web 2.0 and Web 3.0 technologies to provide an interactive layer on top of the current Internet. "As proposed, it's an open platform for working and playing inside an extended reality environment, and it will also be a communications layer for smart city devices," according to Trend Micro.

The darkverse is a space that will exist within this world that, like today's Dark Web, will offer a safe space for free speech and expression against oppressive entities and governments. It will equally be a place for illegal and criminal activities with marketplaces that cater to a wide criminal audience. 

What will make the darkverse a distinctly more dangerous place is the difficulty law enforcement entities will have in trying to infiltrate the criminal activities taking place on it, Huq says. He expects criminals will use authentication tokens to control access to their spaces on the metaverse. They could make it almost impossible for defenders to get these tokens by requiring that users be inside a designated physical location in a specific time frame to receive a token. 

Criminals could also implement location based and proximity-based restrictions for accessing metaverse spaces. Such measures could make it significantly harder for law-enforcement authorities to take these activities down, compared to sinkholing a server or blocking URLs, Huq says.

**New Technologies & Protocols Introduce New Threats**

The darkverse will be a major threat, but not the only one that organizations will need to deal with in the metaverse. Huq and Lin expect that companies over the next several years will begin leveraging the metaverse for different use cases. As one example, Huq points to an operator of critical infrastructure that might create a digital twin of an OT or ICS environment. This would allow an engineer working for that company in New York to troubleshoot and address support issues at an ICS facility in Arizona almost like that engineer was physically present at that facility, he says. Similarly, a retailer could create digital stores where customers could shop in an immersive manner like they were at a physical location.

As such use cases proliferate, so too will the threats. Huq and Lin expect that attackers will look for and find ways to infiltrate and poison these environments to spy, steal, and create other havoc. They expect some of the attacks to target the servers, endpoints, and infrastructure on which the metaverse will run, while others will target metaverse-specific elements like the headsets people will use to access the virtual world, or the objects that exist within.

Huq and Lin, like other researchers also are concerned about the massive harvesting of personal data that is almost inevitably going to happen as more people begin using the metaverse in their personal and work lives.

"The metaverse will introduce in a very short span of time, a lot of new technologies," Huq says. Users will find themselves having to constantly interact with digital objects from a Facebook metaverse, a Google metaverse, a Microsoft metaverse, and other multiple other metaverses. That means having to deal with code being transported from one environment to the other in a very fluid manner. "When you execute a radical new technology, you are definitely going to start having security issues whether cyber, or procedural."

Metaverse Version of the Dark Web Could be Nearly Impenetrable

Despite some success in limiting damage from Hive, there's no time to relax security vigilance.

The government prioritizes the takedown of certain malicious groups based on a variety of factors, including access to a threat actor's computer network(s), and the level of threat they pose to national security and public safety.

Earlier this year, the FBI announced it had taken down the infamous Hive ransomware group. This ransomware group is considered dangerous because of its attempts to extort hundreds of millions of dollars from its victims. The group was also responsible for over 80 attacks on critical infrastructure organizations in 2022, according to the FBI's "2022 Internet Crime Report."

Now with time to reflect on the details of Hive's dismantlement, what are some takeaways security professionals should know? Let's dive in:

**Learning From RaaS Groups**

By taking the time to study criminal ransomware groups' behaviors, organizations can extract information on how to avoid becoming a victim. For example, by obtaining the decryption keys of a ransomware-as-a-service (RaaS) group, the government could potentially gain insight into its operations and infrastructure — including information on funding sources, recruitment methods, and the individuals behind the group. This detail can be used to disrupt and dismantle the group's operations, as well as to identify and indict the individuals involved in the group.

To help organizations learn more about these groups and related threats, the government might consider passing some details to companies by redacting sensitive information, or by sharing information strictly on a need-to-know basis. If information is provided in a general format that doesn't reveal specific details about the group, the government could work with companies to develop and implement security measures that could protect from similar RaaS attacks in the future.

Criminal organizations and lone-wolf cybercriminals often adapt to evade detection and continue their illegal activities. There's always a possibility that the individuals behind the Hive operations eventually will reappear under a different name with alternative methods. The FBI has been seeking to identify key members of the group, disrupt their funding sources, and seize assets that would make it difficult to continue their operations. It's important to note that the fight against cybercrime is an ongoing process, and it's not always possible to eliminate a group or organization. Therefore, it's crucial for law enforcement to remain vigilant.

**Tackling the Organized Cybercriminal Requires a Multidisciplinary Approach**

But just as technologies have evolved to address specific concerns and tactics, adversaries also have evolved.

The proliferation of cloud computing and a dramatic increase in remote working means that security can't be viewed as a "nice-to-have." It's a necessary tool for protecting business interests and securing growth regardless of an organization's size.

However, even with the growing investments in cybersecurity, organizations are still falling victim to breaches via one of the most common methods: compromised credentials. Some 90% of security professionals are still struggling to detect when credentials are compromised. As a result, minimizing the risks associated with compromised credentials should be top of mind for all security leaders. Using tools such as behavioral analytics to create a baseline of normal user behavior can detect compromised credentials before professional-level cybercriminals or an amateur hacker has the chance to cause damage. Solutions with behavioral analytics baked-in also create a holistic view of incidents to uncover anomalies faster and have more accurate and repeatable steps to detect future threats.

It's important to remember that technology is only one piece of the security puzzle. Employee training is also essential, along with a meticulously curated and tested incident-response plan. This response plan should include communication with law enforcement and customers or partner organizations that could be affected by a threat actor. The partnership between private sector organizations and law enforcement was likely a key factor in the Hive takedown.

In the past few years, ransomware has frequently been in the headlines because of security teams and organizations failing to take the appropriate steps to build a formidable defense for their network. To defend against ransomware attacks, companies should invest in modern security solutions and implement advanced security awareness training programs for employees. These solutions can help them understand how to identify a suspicious link, email, or message. With a plan in place, leaders and security professionals have a step-by-step playbook to help them address incidents.

Ransomware gangs are like weeds. When one is taken down, others pop up in its place., the biggest takeaways that security professionals should learn from the government's initiatives to stop Hive are that collaboration, with the right security tools, training, and incident-response plans, are key. By taking the time to learn from RaaS groups and making the right security investments, security teams will be able to have the upper hand.

Effects of the Hive Ransomware Group Takedown

Last year, 71% of enterprise breaches were pulled off quietly, with legitimate tools, research shows.

RSA CONFERENCE 2023 – San Francisco – With little more than smart reconnaissance and existing tools, adversaries are increasingly capable of compromising an enterprise network without making any noise or leaving a trace behind.

In fact, according to CrowdStrike CEO Jeff Hurtz and president Michael Sentonas, 71% of enterprise cyberattacks in calendar year 2022 were done without malware.

At this year's RSA Conference, Hurtz and Sentonas returned to the keynote stage to walk the audience through a case study of just how easily a threat actor can not just penetrate a network but also move laterally and persist without making a ripple, illustrating in stark terms the kind of challenge cybersecurity teams face trying to detect, much less mitigate, malwareless compromises.

The legendary cybersecurity duo profiled the "Spider" cybercrime group from the stage as a perfect example of the phenomenon.

"They're very well prepared, and they are very well resourced," Sentonas explained. "And they really like to leverage existing tools; there's no need to get fancy if you can just blend in."

**Spider: Anatomy of a Malwareless Attack**

First, Spider initiates an in-depth intelligence gathering effort. Hurtz said his team was able to establish the threat actor spent more than an hour on the phone with the victim company's help desk trying to get any insights that could fuel the next phase of social engineering. 

Once they had a specific user in their sights, Spider initiates a voice call informing the user their credentials had been compromised. Victims are then sent a malicious link and prompted to enter in not just their login details, but also their multifactor authentication (MFA) data. Once the user is tricked into handing those over, Spider is off and running.

"We call that the layer A problem," Hurtz joked, about the user handing over the goods. "It's between the chair and the keyboard."

Spider then uses the Tails operating system and Evilginx2 to compromise the user's credentials to set up an AnyDesk account controlled by the cyberattackers. AnyDesk remains a popular remote desktop tool among threat actors, Hurtz added.

Spider also uses dedicated machines that hide their identity, and run their code on hardware as much as possible to avoid detection. "It could be from anywhere," Sentonas said. "It blends in because its not going to come from some crazy domain."

Other tools, like DigitalOcean Droplet, used as a virtual machine, fill out the attack chain. Ultimately, Hurtz and Sentonas explained, the Spider attack ends with the persistent actor set up with their own users on the network, free and able to exfiltrate data at will. And importantly, Sentonas noted, if the threat actor can get into the on-premises network, the cloud is likely going to sync and become compromised as well.

Importantly, Sentonas and Hurtz wanted to disabuse the audience of the notion that threat actors need full admin access to set up new users. They don't, and Sentonas showed exactly how just delegated permissions could allow him to move freely about the company's customer relationship management system, as well as add themselves as a SQL server admin.

In the past couple of quarters, CrowdStrike has been dealing with about one enterprise per week reeling from this type of malware-free cyberattack, Sentonas said.

**How to Defend Against Malware-Free Cyberattacks**

When it comes to defending the enterprise, endpoint detection and response (EDR) and other malware detection tools aren't terribly useful against malware-free cyberattacks. There's simply no malicious code to detect.

Instead, Hurtz and Sentonas urged enterprises to focus on gathering as much telemetry as possible from the endpoint to the cloud and managing identity down to the tiniest details.

But gathering all that telemetry and identity data leaves teams with vast oceans of information that's not particularly useable for threat hunting. That's where artificial intelligence (AI) and machine learning (ML) can be meaningfully deployed to look for anomalous activity, like added user accounts, to detect malicious activity, without malicious code.

It's also important to protect the enterprise MFA service from compromise, they added.

"Maintain good identity store hygiene, Sentonas said. "And protect the services you use for MFA."

Malware-Free Cyberattacks Are On the Rise; Here's How to Detect Them

The Data Security Maturity Model ditches application, network, and device silos when it comes to architecting a data security strategy.

RSA CONFERENCE 2023 – San Francisco – The coalition behind the Data Security Maturity Model has issued a second iteration of the framework, aimed at making it easier for businesses to protect data from leaks.

The coalition, created by Cyberhaven last summer, is led by Sounil Yu, CISO at JupiterOne and includes a range of security leaders from a range of companies, including Boston Scientific, Caterpillar Financial, Fleet, Flexport, Motorola Mobility, Twilio, VillageMD, and others.

During a panel at RSA Conference 2023, entitled Comprehensive Cyber Capabilities Framework: A Tech Tree for Cybersecurity, coalition members laid out a vision for the next generation of data security.

"The ability to protect any type of data across devices, applications, and cloud assets is essential if organizations are to take advantage of the power of modern collaboration and digital transformation without exposing their data to external threats, insider threats, or simple mistakes by well-intentioned users," the coalition said in a statement.

The DSMM aligns to the NIST Cybersecurity Framework and the Cyber Defense Matrix, and to enable a data-centric view, it defines five key functions:

*   **Identify & Classify:** Find and classify all data covered by the data security program.
*   **Protect:** Minimize the exposure of sensitive data by controlling how it is accessed, used, and retained.
*   **Detect:** Collect and analyze data risk to identify data-related security events or policy violations that were not stopped by the "Protect" function.
*   **Respond:** Establish immediate, short-term actions to be taken upon detection of a potential incident.
*   **Recover & Improve**: Determine actions needed to not only restore normal operations (as they pertain specifically to data), but also to build back stronger.

In its second iteration released this week, the maturity model refines each of these pillars to take into account more granular context, such as what server infrastructure is being used, how much is in the cloud, privacy regulations, how employees and others use the data, and how applications, APIs, and non-human endpoints use it, and more — in order to gain a fuller picture of an organization's data footprint.

**The Data & Digital Transformation Problem**

Richard Rushing, panelist and CISO of Motorola Mobility, tells Dark Reading that a new framework approach was needed given that, in the age of digital transformation, getting arms around all of the data being generated at any given point within an organization simply can't be accomplished by looking at protection in a siloed way. The old concept of seeing data in the context of devices, applications, or the network, needed to be traded for a focus on the data itself, wherever it goes within an organization.

"If you think about what security is enabling, it's the use of data, and ubiquitous access to it," he says. "It's necessary to connect to the network to use the data that's in the network to make better decisions for the business or make better decisions for your customers. But data is found in different places, sometimes it's at rest, and sometimes it's in transit."

He adds that the problem is — quite literally — growing, also necessitating a rethink of protection architecture.

"Data is on a logarithmic curve; for every amount of data that I have next year, it's probably 2.5 times more than the amount of data I had this year," he says. "We're data hoarders, for lack of a better term; no one wants to get rid of people's information who have signed up to websites and forums and everything else, so we have this enormous data sprawl. That, in turn, leaves behind security blind spots."

Further adding to the challenge is the fact that some data is of course more sensitive than other information, and some information doesn't need protecting at all, Rushing points out. And there's dynamism in terms of defining appropriate security levels as data ages.

He uses a product launch to illustrate his point. "With a product release, we start off with a situation where no one knows about it, everything's embargoed, and you're protecting this important intellectual property," he explains. "And the next thing you know, it's released for public consumption. And it's suddenly not top secret anymore, in fact, you want the whole world to know about it."

Rushing says that the framework is meant to tame some of this chaos, and that it can be tailored to large enterprises and small-to-midsized businesses alike. It allows organizations to focus in on a number of practice areas, too — including risk-based decision prioritization, collaboration, continuous education, risk management for vendors and third parties, compliance, being transparent, and incident response and how to recover data.

"I don't want to say it's one size fits all, but it's very close to one size fits all," he explains. "The controls are going to be different depending on the environments, but the approach is meant to be flexible enough to accommodate that."

He says that the framework is a living architecture that the coalition plans to refine and evolve over time. However, the time to make the switch to thinking about things in a data-centric kind of way should start now.

"If you don't start \[or\] you don't think about this, you're going to get hit in the next 6, 12, 18 months in some way, shape, or form," he warns. "It's not like the Internet is becoming a safer neighborhood and data is the new oil that's going to drive business and attackers alike."

CISOs Rethink Data Security With Info-Centric Framework

The report found that ninety-seven percent of security vulnerabilities labeled as "critical" could actually be deprioritized.

**NEW YORK****,** **April 25, 2023** **/PRNewswire/ --** Datadog, Inc. (NASDAQ: DDOG), the monitoring and security platform for cloud applications, today released its 2023 State of Application Security Report. To better understand the current vulnerabilities and threats targeting DevOps organizations, researchers evaluated real-world data from thousands of Datadog customers. According to the report, only three percent of critical vulnerabilities are truly high risk and worth prioritizing.

The emergence of widespread vulnerabilities and the importance of rapidly discovering vulnerable applications means the onus is on DevOps teams to stay ahead of threats while maintaining release velocity and ensuring efficient use of security budgets. All vulnerabilities rated critical by the Common Vulnerability Scoring System (CVSS) get prioritized for fixes by application and security teams. However, according to Datadog's 2023 State of Application Security Report, only three percent of vulnerabilities rated as critical by the CVSS are actually worth prioritizing.

The research report compared the standard CVSS severity score with a modified severity score that accounts for runtime context. This approach considers evidence of suspicious traffic, as well as internet-exposed or sensitive environments. As a result, ninety seven percent of vulnerabilities labeled as critical by CVSS could be downgraded and assigned a lower severity score.

"In today's macroeconomic environment, it is more important than ever to optimize costs wherever possible. For security teams, that means there is increased pressure to find and fix the vulnerabilities that will most impact the business," said Emilio Escobar, Chief Information Security Officer at Datadog. "The findings in the State of Application Security Report show that there is a clear path to maximizing the efficiency of security budgets this year by prioritizing the three percent of vulnerabilities that are actually critical and will have the greatest impact on the organization's security posture."

Other findings from the report include:

*   One out of every ten attacks targeted non-production environments.
*   Seven out of ten attacks failed to succeed because they targeted the wrong programming language, operating systems or vulnerabilities.
*   Java services have the most critical vulnerabilities while Python services have the fewest.

The 2023 State of Application Security Report is available now. Read the full report here: https://www.datadoghq.com/state-of-application-security.

**About Datadog**

Datadog is the observability and security platform for cloud applications. Our SaaS platform integrates and automates infrastructure monitoring, application performance monitoring, log management, real-user monitoring, and many other capabilities to provide unified, real-time observability and security for our customers' entire technology stack. Datadog is used by organizations of all sizes and across a wide range of industries to enable digital transformation and cloud migration, drive collaboration among development, operations, security and business teams, accelerate time to market for applications, reduce time to problem resolution, secure applications and infrastructure, understand user behavior, and track key business metrics.

**Forward-Looking Statements**

This press release may include certain "forward-looking statements" within the meaning of Section 27A of the Securities Act of 1933, as amended, or the Securities Act, and Section 21E of the Securities Exchange Act of 1934, as amended including statements on the benefits of new products and features. These forward-looking statements reflect our current views about our plans, intentions, expectations, strategies and prospects, which are based on the information currently available to us and on assumptions we have made. Actual results may differ materially from those described in the forward-looking statements and are subject to a variety of assumptions, uncertainties, risks and factors that are beyond our control, including those risks detailed under the caption "Risk Factors" and elsewhere in our Securities and Exchange Commission filings and reports, including the Annual  Report on Form 10-K filed with the Securities and Exchange Commission on February 24, 2023, as well as future filings and reports by us. Except as required by law, we undertake no duty or obligation to update any forward-looking statements contained in this release as a result of new information, future events, changes in expectations or otherwise.

Datadog's 2023 State of Application Security Report Presents Top AppSec Trends

New CrowdStrike Falcon platform integration delivers multi-cloud visibility and protection of data assets with layered malware detection and file scanning to stop modern attacks.

**TEL AVIV, Israel****,** **April 25, 2023** **/PRNewswire/ --** Dig, the cloud data security leader, today announced its new technology integration with CrowdStrike, a leader in cloud-delivered protection of endpoints, cloud workloads, identity, and data. The Dig Data Security Platform integrates with the CrowdStrike Falcon platform to deliver real-time visibility and control of cloud data assets for accurate discovery of sensitive data and security posture gaps. Dig is the first-in-the-market Data Security Posture Management (DSPM) solution combining malware detection with Data Leak Prevention (DLP) and real-time Data Detection and Response (DDR) for securing data assets across storage services in the cloud.

"Organizations rely on the ability to upload large amounts of data to the cloud. But it is too easy for them to lose track of what they have. Unmonitored and unsecured data is too easily infected by malware. Unless detected, it evolves into a ticking time bomb that threatens business processes and operations," said Dan Benjamin, CEO and Co-Founder of Dig Security. "The Dig integration with CrowdStrike's malware detection and file scanning capabilities across cloud data stores helps customers benefit from comprehensive data asset visibility and security across all enterprise cloud stacks."

Legacy point malware detection solutions only scan cloud storage buckets and fall short of comprehensive protection. The integration protects cloud data assets from malicious content with complete malware scanning from the CrowdStrike Falcon platform across: all cloud storage buckets, such as Amazon Simple Storage Service (Amazon S3), Azure Blob Storage, and Google Buckets; FileStores and other unstructured data stores that live in the cloud; and other IaaS, PaaS, and DBaaS providers, including Databricks, Oracle Cloud, and Snowflake.

The Dig Data Security Platform is recognized as the industry's first and only solution to combine data security posture management (DSPM), data loss prevention (DLP), and data detection and response (DDR) capabilities into a single platform. It is easy to implement, cloud-scalable, and highly efficient for today's security teams. Dig enables enterprise cloud and security teams to produce immediate insights using its agentless cloud native solution that delivers a short setup time, zero maintenance, and comprehensive, automated response at scale.

The new integration builds on an existing partnership between CrowdStrike and Dig, who is a CrowdStrike Falcon Fund portfolio company. A cross-stage investment fund, the CrowdStrike Falcon Fund is the largest corporate venture arm in the cybersecurity industry. The program is designed to build an ecosystem of next-generation security leaders that share a common mission through a unique combination of investment and deep technical integrations.

"As more and more companies are moving to the cloud, there is a natural increase in cloud exploitations and compromise of critical cloud infrastructure. As a result, we have deepened our partnership with Dig Security, an innovative Falcon Fund leader in data security and DDR, to address this challenge," said Gur Talpaz, vice president of corporate development and head of Falcon Fund at CrowdStrike. "In our mission to stop breaches and make cloud data inherently secure, it's critical we continue collaborating with companies like Dig to provide customers with real-time data visibility, protection and control across all clouds and all data stores."

For more information about Dig and CrowdStrike's integration, visit here, meet with Dig at RSA, or stop by the Dig booth (#5273) in the North Expo during RSAC 2023 from April 24-27, 2023, at the Moscone Center in San Francisco, CA.

**About Dig Security**

Dig Security helps organizations discover, classify, protect, and govern their cloud data.

With organizations shifting to complex environments with dozens of database types across clouds, monitoring and detecting data exfiltration and policy violations has become a complex problem with limited fragmented solutions. Dig's cloud-native and completely agentless approach re-invents cloud DLP with DDR (Data Detection & Response) capabilities to help organizations better cope with cloud data sprawl. Dig was founded by three cyber security veterans from Microsoft and Google and is backed by Team8, SignalFire, Felicis, CrowdStrike, Okta Ventures, CyberArk Ventures, and Merlin Ventures. Visit us at https://www.dig.security/.

SOURCE Dig Security

Dig Security Announces New Integration With CrowdStrike

**SAN FRANCISCO****,** **April 25, 2023** **/PRNewswire/ --** BlackBerry Limited (NYSE: BB; TSX: BB) and Solutions Granted today announced an extended partnership, naming the leading cybersecurity services provider a Master Managed Security Services Provider (MSSP), enabling it to better scale and meet the growing demand for cybersecurity services among small and medium-sized businesses (SMBs).

"Solutions Granted has been honored as BlackBerry MSSP Partner of the Year for North America for five consecutive years and we're excited to take our partnership to the next level by crowning them as our top Master MSSP," said Adam Enterkin, Chief Revenue Officer, Americas, BlackBerry Cybersecurity. "BlackBerry is dedicated to increasing its focus on MSSP partners to ensure they're set up for success. Endpoints are proliferating, and so are the cyberattacks against them. Our extended partnership with Solutions Granted will help hundreds of small and mid-size businesses continuously adapt to an ever-changing threat landscape."

As a 'Master MSSP', Solutions Granted will be better positioned to help its own partners to deliver Managed Detection and Response (MDR) and other Managed Security Services to their mid-market and SMB clients.  In partnership with BlackBerry and heavily leveraging the Cylance® AI-powered portfolio, Solutions Granted helps thousands of clients secure their environments and prevent attacks. By working with Solutions Granted, MSSPs and managed service providers (MSPs) can offer industry leading managed security, without making the significant investment of building out their own security operations center (SOC).

CylanceENDPOINT™ is among the solutions it helps managed service providers (MSPs) deploy to clients, either as individual managed services or integrated into a SOC-as-a-service offering.

"BlackBerry's support for our business model provides the flexibility we need to continue to meet customer demand and provide the best possible product support for their business needs," said Michael E. Crean, Chief Executive Officer, Solutions Granted. "We value the investment BlackBerry is making in our partnership and know this will go a long way in setting up our customers for success."

To learn more about BlackBerry MSSP Partners, visit blackberry.com/us/en/partners/mssp-partners.

**About BlackBerry**

BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world.  The company secures more than 500M endpoints including over 215M vehicles.  Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint management, endpoint security, encryption, and embedded systems.  BlackBerry's vision is clear - to secure a connected future you can trust.

BlackBerry. Intelligent Security. Everywhere. 

For more information, visit BlackBerry.com and follow @BlackBerry.

_Trademarks, including but not limited to BLACKBERRY and EMBLEM Design are the trademarks or registered trademarks of BlackBerry Limited, and the exclusive rights to such trademarks are expressly reserved.  All other trademarks are the property of their respective owners.  BlackBerry is not responsible for any third-party products or services._

**About Solutions Granted Inc.**

Solutions Granted is a Master Managed Security Services Provider (Master MSSP). They offer cybersecurity solutions to North American MSPs and MSSPs and are committed to delivering solutions without requiring minimums, commitments, or long-term contracts. They proudly offer many security layers as well as a 24x7 U.S.-based Security Operations Center (SOC). Over the past several years, Solutions Granted has emerged as a clear leader in the channel, by winning countless awards including the CRN Security 100 list, Top 100 MSSP List, Top Global MSSP List, and BlackBerry MSSP Partner of the Year. Learn more at https://www.SolutionsGranted.com.

BlackBerry Extends Partnership With Managed Security Services Provider (MSSP) to Ensure SMBs are Set Up for Cyber Success

CISOs and cybersecurity teams will play a key role in hardening artificial intelligence and machine learning systems.

RSA CONFERENCE 2023 – San Francisco – As enterprises and government agencies increasingly weave artificial intelligence (AI) and machine learning (ML) into their broader set of systems, they'll need to account for a range of risk resilience issues that start with cybersecurity concerns but spread far beyond those. 

A panel on April 24 at RSA Conference 2023 composed of distinguished AI and security researchers examined the problem space of AI resilience, which includes weighty issues like adversarial AI attacks, AI bias, and ethical application of AI modeling.

Cybersecurity professionals need to start to tackling these issues both within their organizations and as collaborators with government and industry groups, panelists noted.

"Many organizations will look to integrate AI/ML capabilities of their core business functions, but in doing so will increase their own attack surface," explained panel moderator Bryan Vorndran, assistant director at the FBI Cyber Division. "Attacks can occur in every stage of the AI and ML development and deployment cycle, models, training data, and APIs can be targeted."

The good news is that there is time to ramp up into these efforts if the community begins work now.

"We have a really unique opportunity here as a community," said Neil Serebryany, CEO of CalypsoAI. "We're aware of the fact that there is a threat, we're seeing early incidents of this threat, and the threat is not full-blown yet."

The 'yet' is the operative word, he emphasized, and his fellow panelists agree. The field of risk management is in a place with AI similar to where cybersecurity was with the Internet in the 1980s, said Bob Lawton, chief of missions capabilities for the Office of the Director of National Intelligence Science and Technology Group.

"Imagine if it's 1985 and you knew the challenges that we were going to face in the cyber domain now, what would we as a community, as an industry do differently 35 years ago, and that's exactly where we're at with AI right now," said Lawton. "We have the time and space to get it right."

Specifically when it comes to direct attacks against AI systems by adversaries, the threats are still very rudimentary, but that's only because the attackers are only putting the work they need to in order to achieve their objectives right now, said Christina Liaghati, AI strategy execution and operations manager for MITRE Corporation.

"I think we're going to see many more of the malicious actors having a higher level of sophistication of these attacks, but right now they don't have to, which I think is what's really interesting about this space," she told the audience.

Nevertheless, she warned that organizations can't treat the risks lightly. The interest of threat actors to increase their sophistication and knowledge of AI models will only keep growing as it is embedded into systems they can profitably attack. And this is just as true of smaller organizations using simple ML models in financial systems as it would be for government agencies using it in an intelligence capacity.

**Everyone Is at Risk**

"If you're deploying AI in any environment where any actor might want to misuse or evade or attack that system, your system is vulnerable," she said. "So, it's not just super advanced tech giants or anybody that's deploying AI in a massive way. If your system is in any kind of consequential environment and then you incorporate AI and machine learning into that broader system of systems context, you could be exposing it in new ways that you're probably not thinking about or necessarily prepared for."

The challenge with AI for many cybersecurity executives is that addressing these risks will require they and their teams gain a whole new set of knowledge and parlance around AI and data science.

"I don't think that AI assurance at its core is a traditional infosec problem," Serebryany said. "It's a machine learning problem that we're trying to figure out how to translate into the infosec community."

For example, hardening the models requires understanding of key data science metrics like recall precision accuracy and F1 scores, he said.

"So I think it's kind of incumbent upon us to be able to figure out how to take these underlying ML concepts and research and translate the parlance, the concepts and the standard operating procedures within a soft context that makes sense within the infosec community," he said.

At the same time, Liaghati said to not discount the security basics as AI/ML models and systems will be deployed in the context of other systems for which security teams have decades of experience managing risk. The principles of data security, application security, and network security are still extremely relevant, as are standard risk management and OpSec best practices.

"So many of those are just good practices. It's not just a big, fancy adversarial layer or being able to patch a data set. It's not necessarily that complicated," she says. "Many of the ways that you can mitigate these threats are just thinking about the amount of information that you're putting out within public domain on what models you're using, what data you're using, where it's coming from, \[and\] what the broader system context looks like around that AI system.

Source

DARKReading