**CORK, Ireland--(****BUSINESS WIRE****)--** Vaultree, the Data-In-Use Encryption leader, today announced the appointment of Rinki Sethi to the company's board of directors.

Rinki Sethi is the current vice president and chief information security officer at BILL, where she leads global information technology functions. She is also responsible for leading efforts to protect BILL’s information and technology assets and advise the company’s continued innovations in the security space.

Sethi brings decades of security and technology leadership expertise, including her recent roles as VP and CISO at Twitter and Rubrik, Inc. She has been at the forefront of developing cutting edge online security infrastructure at several Fortune 500 companies such as IBM, Palo Alto Networks, Intuit, eBay, Walmart.com and PG&E. Sethi also serves on the board of ForgeRock, a global digital identity leader. She advises many other startups and VCs.

Sethi holds several recognized security certifications and has a B.S. in Computer Science Engineering from UC Davis and a M.S. in Information Security from Capella University.

“Bringing Rinki on board underscores our strong focus on innovation in the field. With Vaultree on the journey to solving major cryptographic problems around data security and encryption, it is incredibly important to us that we work with industry experts like Rinki to ensure we bring Data-In-Use Encryption to the forefront and enable businesses to significantly reduce the risks of plaintext data exposure,” said Ryan Lasmaili, CEO and co-founder of Vaultree. “Trust and confidence are other important pillars that Rinki will bring with her to support Vaultree in creating an encrypted future where plaintext data no longer exists, and Data-In-Use Encryption is the standard across all industries.”

In addition to its recent $12.8m Series A funding round, the appointment of Sethi will be instrumental in fulfilling Vaultree’s mission to protect the sensitive data of people and enterprises worldwide.

“I am joining Vaultree because I am very excited about their mission and how it will unleash the power of data by processing encrypted data. I am also very impressed by the team Vaultree has built and am looking forward to joining this journey with them,” said Rinki Sethi. “The idea is to democratize and demystify data privacy and encryption. As we move toward a world where every human will have ’privacy traces’ online, we are tackling a real-world issue. Data security is not only one of today's hot topics but also the topic of tomorrow.”

**About Vaultree**

Vaultree has developed the world’s first Fully Functional Data-in-Use Encryption solution that solves the industry’s fundamental security issue: persistent data encryption, even in the event of a leak. Vaultree enables enterprises, including those in the financial services and healthcare / pharmaceutical sectors, to mitigate the great financial, cyber, legal, reputational, and business risk of a data breach in plain text. With Vaultree, organizations process, search and compute ubiquitous data at scale, without ever having to surrender encryption keys or decrypt server-side. If a leak occurs, Vaultree’s data-in-use encryption persists, rendering the data unusable to bad actors. Integrating Vaultree into existing database technologies is seamless, requiring no technology or platform changes. Vaultree is a privately held company based in Ireland and the U.S. For more information, please visit www.vaultree.com.

Vaultree Appoints Technology Industry Veteran Rinki Sethi to Its Board of Directors

State of XIoT Security Report: 2H 2022 from Claroty's Team82 reveals positive impact by researchers on strengthening XIoT security and increased investment among XIoT vendors in securing their products.

**NEW YORK****,** **Feb. 14, 2023** **/PRNewswire/ --** Cyber-physical system vulnerabilities disclosed in the second half (2H) of 2022 have declined by 14% since hitting a peak during 2H 2021, while vulnerabilities found by internal research and product security teams have increased by 80% over the same time period, according to the State of XIoT Security Report: 2H 2022 released today by Claroty, the cyber-physical systems protection company. These findings indicate that security researchers are having a positive impact on strengthening the security of the Extended Internet of Things (XIoT), a vast network of cyber-physical systems across industrial, healthcare, and commercial environments, and that XIoT vendors are dedicating more resources to examining the security and safety of their products than ever before.

Compiled by Team82, Claroty's award-winning research team, the sixth biannual State of XIoT Security Report is a deep examination and analysis of vulnerabilities impacting the XIoT, including operational technology and industrial control systems (OT/ICS), Internet of Medical Things (IoMT), building management systems, and enterprise IoT. The data set comprises vulnerabilities publicly disclosed in 2H 2022 by Team82 and from trusted open sources including the National Vulnerability Database (NVD), the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), \[email protected\], MITRE, and industrial automation vendors Schneider Electric and Siemens.

"Cyber-physical systems power our way of life. The water we drink, the energy that heats our homes, the medical care we receive – all of these rely on computer code and have a direct link to real-world outcomes," said Amir Preminger, VP research at Claroty. "The purpose of Team82's research and compiling this report is to give decision makers in these critical sectors the information they need to  properly assess, prioritize, and address risks to their connected environments, so it is very heartening that we are beginning to see the fruits of vendors' and researchers' labor in the steadily growing number of disclosures sourced by internal teams. This shows that vendors are embracing the need to secure cyber-physical systems by dedicating time, people, and money to not only patching software and firmware vulnerabilities, but also to product security teams overall."

**Key Findings**

*   **Affected Devices:** 62% of published OT vulnerabilities affect devices at Level 3 of the Purdue Model for ICS. These devices manage production workflows and can be key crossover points between IT and OT networks, thus very attractive to threat actors aiming to disrupt industrial operations.
*   **Severity:** 71% of vulnerabilities were assessed a CVSS v3 score of "critical" (9.0-10) or "high" (7.0-8.9), reflecting security researchers' tendency to focus on identifying vulnerabilities with the greatest potential impact in order to maximize harm reduction. Additionally, four of the top five Common Weakness Enumerations (CWEs) in the dataset are also in the top five of MITRE's 2022 CWE Top 25 Most Dangerous Software Weaknesses, which can be relatively simple to exploit and enable adversaries to disrupt system availability and service delivery.
*   **Attack Vector:** 63% of vulnerabilities are remotely exploitable over the network, meaning a threat actor does not require local, adjacent, or physical access to the affected device in order to exploit the vulnerability.
*   **Impacts:** The leading potential impact is unauthorized remote code or command execution (prevalent in 54% of vulnerabilities), followed by denial-of-service conditions (crash, exit, or restart) at 43%.
*   **Mitigations:** The top mitigation step is network segmentation (recommended in 29% of vulnerability disclosures), followed by secure remote access (26%) and ransomware, phishing, and spam protection (22%).
*   **Team82 Contributions:** Team82 has maintained a prolific, years-long leadership position in OT vulnerability research with 65 vulnerability disclosures in 2H 2022, 30 of which were assessed a CVSS v3 score of 9.5 or higher, and over 400 vulnerabilities to date.

To access Team82's complete set of findings, in-depth analysis, and recommended security measures in response to vulnerability trends, download the full State of XIoT Security Report: 2H 2022 report.

Cyber-Physical Systems Vulnerability Disclosures Reach Peak, While Disclosures by Internal Teams Increase 80% Over 18 Months

**DENVER****,** **Feb. 14, 2023** **/PRNewswire/ --** Ping Identity, the intelligent identity solution for the enterprise, has formed a new strategic alliance with Deloitte, a leader in global security consulting services, to help the organizations' shared clients improve advanced Identity Access Management (IAM) Solutions selection and onboarding. Through the alliance, Ping and Deloitte's shared clients will be able to streamline digital identity management and effectively authorize which employees, customers, vendors, and suppliers can access sensitive corporate resources.

Deloitte brings to the alliance its significant experience in identity and access management across strategy, implementation and operations-managed services for both workforce and customer IAM solutions in a global customer ecosystem. Ping Identity brings its strength in single sign-on (SSO) and multi-factor authentication (MFA) technologies as well as advanced capabilities like identity authorization, risk and fraud mitigation, and overall IAM orchestration. Deloitte and Ping's shared clients will have access to intelligent identity solutions able to scale enterprise-wide and to offer customers a secure and frictionless experience. 

"We're moving into an experience-first world where identity is paramount to enable security and frictionless interactions," said Andre Durand, CEO and founder of Ping Identity. "Our IAM solutions align well with Deloitte's deep knowledge of connected customer journeys and trusted customer experiences. This alliance will help more organizations reduce risk and accelerate time-to-value as they look to modernize their identity strategies."

As part of the alliance, Deloitte will receive Ping Identity's dedicated sales training, certifications, product roadmap updates, and marketing resources that strengthen and secure access to the cloud, mobile, SaaS, and on-premises applications across the hybrid enterprise.

"As the digitization of businesses continues to increase, providing a trusted employee and customer experience is imperative for organizations," said Nakul Sharma, a Deloitte Risk & Financial Advisory managing director, Deloitte & Touche LLP. "Offering visibility and transparency around how data is used is important to building trust throughout the enterprise as well as with consumers. Our alliance with Ping is an important step in our ecosystem growth to offer Deloitte clients enhanced identity management solutions to help secure identities and data across digital engagement channels."

As used in this document, "Deloitte" means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting.

**About Ping Identity**

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That's digital freedom. We let enterprises combine our best-in-class identity solutions with third-party services they already use to remove passwords, prevent fraud, support Zero Trust, or anything in between. This can be accomplished through a simple drag-and-drop canvas. That's why more than half of the Fortune 100 choose Ping Identity to protect digital interactions from their users while making experiences frictionless. Learn more at www.pingidentity.com.

Ping Identity and Deloitte Forge Alliance to Give Organizations Advanced Identity and Access Solutions

**ARLINGTON, Va.****,** **Feb. 14, 2023** **/PRNewswire/ --** ThreatConnect, maker of leading threat intelligence operations (TI Ops) and risk quantification solutions, announced today the company's accelerated growth through 2022 and market leading position heading into 2023.

"With a tumultuous year marked by geopolitical and economic uncertainty that increased pressure on CISOs and their teams to improve security effectiveness and efficiency, ThreatConnect had a tremendous year in both new customer acquisition and product innovation," said Balaji Yelamanchili, CEO of ThreatConnect. "As we enter 2023, we're positioned to continue delivering market leading product innovation that enables our customers and partners to manage efficient TI Ops with quantifiable risk mitigation strategies."

**Customer & Revenue Growth** 

*   Substantial double-digit growth in new logo and expansion business, including some of the world's largest technology, financial services, healthcare, governmental, and cyber security organizations choosing ThreatConnect for their TI Ops and risk quantification initiatives.
*   Expanded risk quantification and TI Ops deployments with three of the top five software companies in the world, 12 global financial services organizations, and 33 other large enterprise customers.
*   Now serving nearly 200 global customers, including five of the top 10 software companies in the world, three of the top five airlines, three of the top five pharmaceutical companies, two of the top five insurance providers, and more than 10 defense and federal agencies.

**Threat Intelligence Operations Innovation**

The company's product and engineering teams delivered a variety of new features that enable cyber threat intelligence (CTI) teams to more efficiently investigate and create intelligence, and work with security operations (SecOps) teams to consume and operationalize threat intelligence.  These new features are designed to deliver better security outcomes in terms of mean time to detect (MTTD) and mean time to resolve (MTTR) potential threats and incidents, and drive efficiencies across teams and tools.

**Specific Innovations:** 

ThreatConnect made many useful product enhancements, including:

*   ThreatConnect's Collective Analytics Layer (CAL™), powered by Big Data and Machine Learning, increased its volume of data by 25% versus prior year to over 176 billion points of data used for scoring potential indicators of compromise (IOCs), providing insights for investigations, and categorizing relationships between indicators, threat actors, malware, and campaigns. By merging anonymized insights from ThreatConnect users with this massive data set creates the ability to have better confidence scoring and enrichment on potential IOCs that very few other players in the market can claim.
*   Natural Language Processing (NLP) capabilities to recognize MITRE ATT&CK® techniques by extracting insights from open source blogs, research, and other sources. This enables customers to get faster insights on relevant threats they are investigating.
*   Highly intuitive graph investigation capability that incorporates the customer's threat intelligence and internal case & investigation data, with insights from CAL's Automated Threat Library, including threat actors, campaigns, and ATT&CK techniques, and a growing number of third-party intelligence and enrichment sources.
*   A new reporting engine that makes it easy to create and disseminate threat intelligence reports with graphs, tables, images, and narrative descriptions.
*   New Enrich Anywhere capability automates the addition of context to indicators of compromise, allowing users to easily identify false positives and pinpoint actionable intelligence.  
*   Streamline the work of the SOC by infusing relevant threat intelligence directly into every step of their case workflow, and allowing for relevant artifacts and findings to be promoted for validation as threat intelligence by the CTI team.
*   Measure the work being done by the team with case and analyst efficiency metrics.
*   Stronger multi-tenant management of clients for MSSP and multi-tiered organizations with the introduction of Super Admin Users who can answer RFI's or work alongside analysts in other organizations without leaving their ThreatConnect instance.

**Risk Quantification Break Out Year**

*   Significant double digit annual sales growth, including new customers in healthcare, finance and manufacturing.
*   Launched technology alliance and go-to-market partnership with SecurityScorecard, resulting in 14 net new customers.
*   New go-to-market partnership with 3 of the top global software vendors.

**Industry recognition**

Winner of multiple industry accolades, including the Global Infosec Awards, Cybersecurity Excellence Award, and the top 100 most Innovative Cybersecurity companies by Expert Insights.

**Experienced Leadership and Board Advisors**

In 2022, the company added seasoned cybersecurity operators to its executive ranks with cybersecurity veterans. Balaji Yelamanchili, previously EVP and General Manager of Symantec's Enterprise Security business, joined the company as Chief Executive Officer.  Burney Barker, a veteran of Forescout, Gigamon, and Dell EMC, joined the company as Chief Revenue Officer.  In the Chief Marketing Officer role, Charles Gold joined the company, bringing more than 25 years of executive experience at category leaders including Sonatype, Virtru, and FireMon.

The company also added an elite group of enterprise cybersecurity leaders as Board Advisors.  This esteemed group includes Colin Anderson, current CISO at Ceridian and former CISO at Safeway and Levi Straus, Myrna Soto former CISO at MGM and Comcast and current Board member at Spirit Airlines and Trinet, and Patrick Joyce, CISO at Medtronic.  They will advise the company's Board and executive team on strategic product and go-to-market matters.

"Enterprises are transforming  their approach to security operations to support their move to the cloud and the digital economy while at the same time addressing a growing threat landscape and emerging threats like ransomware,"  said Yelamanchili.   "Our TI Ops and risk quantification solutions are critical to these initiatives and, given our momentum in 2022 and near term product roadmap, I couldn't be more excited about this coming year."

**About ThreatConnect**

ThreatConnect enables threat intelligence operations, security operations, and cyber risk management teams to work together for more effective, efficient, and collaborative cyber defense and protection. With ThreatConnect, organizations can infuse ML and AI-powered threat intel and cyber risk quantification into their work, allowing them to orchestrate and automate processes to get the necessary insights, and respond faster and more confidently than ever before. More than 200 enterprises and thousands of security operations professionals rely on ThreatConnect every day to protect their organizations' most critical assets.

ThreatConnect Closes 2022 with Accelerated Growth in Threat Intelligence Operations (TI Ops)

**CHANDLER, Ariz.****,** **Feb. 14, 2023** **/PRNewswire/ --** SynSaber, an ICS/OT cybersecurity monitoring company, today announced the launch of its OT PCAP Analyzer tool. The free tool allows users to view a high-level breakdown of the device and protocol information contained within a packet capture (PCAP) file.

The OT PCAP Analyzer is available for early access during the S4x23 ICS Security event. Attendees will be the first to have the opportunity to see live demos of the OT PCAP Analyzer at SynSaber's booth.

SynSaber's OT PCAP Analyzer (affectionately dubbed "OPA!" by internal team members) provides quick visibility into a snapshot of your network segment. The tool works entirely in memory, allowing for detailed offline analysis of industrial PCAP files. The OT PCAP Analyzer is designed with the operational technology (OT) security community in mind, from operators and plant managers to compliance managers and other cybersecurity-minded individuals.

Users upload a PCAP file and receive a visual breakdown of the network traffic and a complete list of the devices communicating within that snapshot of the network. With the OT PCAP Analyzer, users can:

*   View device metadata, including IP addresses, vendor name, class (IT/OT), and subclass type (workstation, PLC, virtualization, etc.)
*   Identify protocols, protocol communications, and the directions of these communications
*   View a map of which devices are communicating with each other
*   Filter device view by time, protocol, CIDR, or manufacturer

_"We created the OT PCAP Analyzer to simplify the network analysis process and give operators the ability to visualize their environment like never before,"_ says Benji Vesterby, Principal Engineer at SynSaber. _"The tool empowers analysts, auditors, and anyone tasked with maintaining industrial security to visually read and understand PCAP files without digging through raw network data for relevant information._"

To learn more about the OT PCAP Analyzer and get early access, visit https://synsaber.com/product/ot-pcap-analyzer.

**About SynSaber**

SynSaber is the simple, flexible, and scalable industrial asset and network monitoring solution that provides continuous insight into the status, vulnerabilities, and threats across every point in the industrial ecosystem, empowering operators to observe, detect and defend OT/IT systems and protect critical infrastructure. SynSaber is privately held with funding from SYN Ventures, Rally Ventures, and Cyber Mentor Fund. Learn more at SynSaber.com.

SOURCE SynSaber

SynSaber Launches a Free OT PCAP Analyzer Tool for the Industrial Security Community

Industry standards must evolve as digital transformation makes all companies software companies. Security testing boosts development speed and software quality.

You've probably heard this phrase more than a few times by now: _Every company today is a software company._ On the surface, it's easy to connect a few dots and understand why this phrase rings true. The digital transformation is, quite literally, changing every aspect of our world so that it is in some way digitally connected. For instance, instead of going to a bank to cash a check, your bank now has an app on your phone to accomplish this.

Regardless of industry, every organization today truly must be a software company. On the customer-facing front, this usually means an easy-to-use, high-quality, accessible application. But what does it mean for organizations themselves? The automotive industry is offering some surprising and helpful lessons on the depths to which every sector and company are embracing software as part of everyday business, and why cybersecurity is directly linked to this.

**The Automotive Industry's Software Evolution**

Like every other industry, the automotive industry has been evolving and embracing new technology. In the past few decades, building a car has gone from being almost entirely hardware focused to adding a full fleet of software capabilities. Most modern cars today have features that weren't even around 20 years ago, including:

● Information and entertainment systems with voice assistants, connectivity for navigation, and streaming services

● Sensors to assist with safe driving or, in some cases, full self-driving capabilities

To accomplish this, car manufacturers that have been around for decades had to adapt, investing in adding an entire division dedicated to software development. For example, Volkswagen created Cariad, its in-house software company, which employs 5,000 software engineers and makes Volkswagen one of the largest software companies in Germany.

The quick pivot many manufacturers have made to modern "smart" cars is impressive. But it also has come with added risk and responsibility. Traditionally, the automotive industry's security regulations and standards have been focused on functional safety, like ISO 26262, which addresses compliance for safety-related systems that include electrical or electronic components. But with software added to the mix of what makes up today's vehicles, industry standards have needed to evolve.

**Automotive Cybersecurity Standards Are Increasing**

Wherever software exists, so too does the risk of a cybersecurity-related incident. When we evolved the concept of a car from four wheels and an engine to include entertainment, connectivity, and so on, we accepted increased risk. And like with the software used in every other type of business, cybersecurity vulnerabilities, risks, and hacks are all on the rise. In December, a Sirius XM radio connected vehicle service exposed several car brands to remote hackers attacks due to a vulnerability. The connected service is currently used by more than 12 million cars in North America, including Acura, BMW, Honda, Hyundai, and Toyota.

The International Organization of Standardization is addressing the makeup of modern cars with ISO/SAE21434:2021. The standard includes engineering requirements for cybersecurity risk management, from concept to development, production, operation, and maintenance. Only software that complies with this ISO standard is allowed to be built into cars today.

**Lessons Learned**

At first, automotive developers might feel apprehensive that these added cybersecurity requirements could be a pain point that would slow the production and shipping of their software. After all, it's another bullet point of responsibility added to their job description, and one for which they likely didn't sign up.

Luckily, modern cybersecurity tools are allowing security testing to fit into the software development life cycle (SDLC). A variety of approaches to security scanning, including static application security testing (SAST), dynamic application security testing (DAST), and feedback-based application security testing can be used together to effectively test applications for vulnerabilities and bugs while an application is still in development.

What automotive developers have learned through this process is that contrary to their initial fears of development being slowed by added cybersecurity requirements, once security scanning is up and running within their continuous integration/continuous delivery (CI/CD) development process, the pipeline is faster and more efficient than before. As bugs and flaws are discovered earlier and earlier in development, they're fixed before they get to production. This saves on the costs and time traditionally associated with going back later to fix these issues. The further a bug or flaw moves through the software development life cycle, the more it costs to fix, and of course, if it makes its way to production, the more vulnerable the software is to a potential cybersecurity attack.

**Cybersecurity: A Competitive Advantage**

The automotive industry is just one of many sectors that are seeing added ISO standards focused on cybersecurity. Healthcare, aviation, energy, finance, and many more are keeping pace or following closely behind with new cybersecurity standards of their own, as software becomes an increasingly critical component in every part of our world. All organizations need to be prepared to prioritize and implement cybersecurity capabilities (if they haven't already). They also need to have developers with the experience and expertise required to understand that when correctly implemented, security testing can improve the speed of development and the overall quality and security of software.

Lessons All Industries Can Learn From Automotive Security

It's not just Internet-accessible hosts that are vulnerable, researchers say.

Security teams working to secure their organizations against a nearly two-year-old vulnerability in VMware's ESXi hypervisor technology that attackers suddenly began exploiting en masse last week must pay attention to all ESXi hosts in the environment, not just Internet-accessible ones.

That's the advice of security vendor Bitdefender after it analyzed the threat and discovered that attackers can exploit it in multiple ways.

**Two-Year-Old Flaw**

The vulnerability in question, CVE-2021-21974, is present in VMware's implementation of a service delivery protocol in ESXi called Open Service Location Protocol (OpenSLP). The vulnerability gives unauthenticated attackers the ability to remotely execute malicious code on affected systems without any user interaction.

VMware disclosed the vulnerability in February 2021 and issued a patch for it at the same time. Since then, attackers have targeted it heavily and made CVE-2021-29174 one of the most exploited vulnerabilities in 2021 and 2022. On Feb. 3, France's computer emergency response team warned about bad actors exploiting CVE-2021-21974 to distribute a ransomware variant dubbed ESXiArgs ransomware on ESXi hosts around the world.

The widespread nature of the attacks prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to release a recovery script that victims of ESXiArgs could use to try to recover their systems.

Martin Zugec, technical solutions director at Bitdefender, says though the initial compromise vector remains unknown, a popular theory is that it is via direct exploitation through Internet-exposed port 427. VMware itself has recommended that if organizations cannot patch immediately, they should block access to port 427.

While that measure can slow down an adversary, it does not eliminate risk from the flaw entirely because attackers can exploit the vulnerability in other ways as well, Zugec says. If an organization blocks port 427, for instance, an attacker could still compromise one of the virtual machines running on an ESXi host via any existing vulnerability.

They could then escape the compromised virtual machine to exploit the vulnerability in OpenSLP and gain root access to the host, he says.

**Other Ways to Exploit Flaw**

"Threat actors can use any existing vulnerability to compromise a virtual machine — whether it's Linux or Windows-based," Zugec notes.

A threat actor can also relatively easily buy on the Dark Web access to a previously compromised virtual machine and attempt OpenSLP remote code execution against the hosting hypervisor, he says.

"If successful, the threat actor can gain access not only to the hypervisor host, but also to all other machines running on the same server," Zugec says. "The OpenSLP exploit in this case would allow a threat actor to escalate their access and move laterally to other — potentially more valuable — machines."

Zugec says Bitdefender has so far seen no evidence of attackers exploiting the VMware ESXi vulnerability in this manner. But, given the major focus on direct exploitation via port 427, Bitdefender wanted to warn the public about other methods to exploit this vulnerability, he says. In addition to blocking access to port 427, VMware has also recommended that organizations that cannot patch CVE-2021-21974 simply disable SLP where possible.

**Shades of WannaCry**

Bitdefender said its analysis of the latest attacks targeting CVE-2021-21974 suggest that the threat actors behind them are opportunistic and not very sophisticated. Many of the attacks appear completely automated in nature, from initial scans for vulnerable systems to ransomware deployment.

"We can compare this to WannaCry," Zugec notes. "While these attacks can reach a wide range of machines, the impact remains limited."

But more sophisticated threat actors would use the flaw in ESXi to conduct a much larger operation, he says. Initial access brokers, for instance, could deploy a remote Web shell and disable SLP service so other threat actors cannot exploit the same flaw. They could then simply lie in wait for the best opportunity to monetize their access. Potential options could include data theft, surveillance, and cryptojacking.

To fully address the risk of a cyberattack exploiting the VMware vuln, Bitdefender — like VMware and others — recommends that organizations apply the patch for it immediately.

Embattled VMware ESXi Hypervisor Flaw Exploitable in Myriad Ways

Competitor markets working to replace Hydra's money-laundering services for cybercriminals.

During the first few months of 2022, business was booming at Hydra Marketplace, _the_ premiere Dark Web destination for cybercrime money laundering and selling narcotics and other illegal goods and services.

In fact, until its takedown in April 2022, Hydra owned a full 93% of all illicit underground economic activities.

Here's how massive Hydra's presence was on the Dark Web: In the days leading up to Hydra's takedown, the average daily revenue for all underground markets was about $4.2 million. That number fell to just $447,000 after Hydra disappeared, according to new data released by Chainalysis.

Year-over-year, Dark Web marketplace revenues at the end of 2021 were about $3.1 billion, but by the end of 2022 they totaled only about $1.5 billion.

**Hydra Takedown Leaves Void**

Fast forward 10 months after the demise of Russian-based Hydra, and the Dark Web marketplace ecosystem is still struggling to recover. Namely, it's been tough to replicate or replace Hydra's money-laundering services for cybercriminals.

Out of the rubble of the demolished Hydra Marketplace, three early contenders for biggest player emerged: OMG!OMG! Market, Blacksprut, and Mega Darknet Market, according to Chainalysis' research.

Early on, OMG was the frontrunner, peaking at just over 65% of the underground market business, but a June distributed denial-of-service (DDoS) attack on OMG drove users to competitors Mega Darknet Market and Blacksprut Market, according to Chainalysis.

So far, no other marketplace has been able to dominate the Dark Web market like Hydra did in its heyday.

**Fraud Services Falter Post-Hydra**

Four of the top five most successful darknet markets focused on illicit substance sales. The fifth, a platform called "Brian Dumps," is the only one among the top underground marketplaces dealing in stolen credit card and other personally identifying information (PII), a business model Chainalysis calls a "fraud shop."

Bypass Shop, another similar fraud shop, was shuttered by Russian authorities last March, the report said. Brian Dumps appears to have also suffered some disruption last October, dropping its revenues for that month to zero, according to Chainalysis. But the reason behind the issue remains unclear.

**A New Mission**

Mounting struggles in the darknet ecosystem present an enormous opportunity to absorb Hydra's user base and reign the underground supreme. But the key to attracting users to these platforms is providing cryptocurrency and fiat currency-laundering services, the research shows.

All three top markets, Mega Darknet, Blacksprut, and OMG, show signs they have started offering cryptocurrency money-laundering services to lure in Hydra users, according to Chainalysis. There is also some evidence of collaboration between the platforms, the report pointed out.

Early after Hydra's closure, OMG's market share of business exploded because it offered money-laundering services, says Eric Jardine, cybercrimes research lead at Chainalysis. That business shifted to Mega Darknet once it was able to spin up similar services.

**New Cybercrime Business Opportunity**

Dark Web marketplaces are evolving into financial services providers for cybercriminals, Jardine says.

"With Hydra and the evolution of money-laundering services as a feature of the darknet market ecosystem, a number of new financial motivations come into play," Jardine says. "Previous markets, such as Silk Road, largely connected buyers and sellers of drugs, but providing money laundering and fiat currency off-ramp services to cybercriminals ties darknet markets more to the ebb and flow of ransomware and cybercrime than had previously been the case."

As these platforms continue to provide digital asset services, cybercriminals will be motivated to commit more digital asset-based cybercrimes, says Karl Steinkamp, with cybersecurity advisory firm Coalfire.

Dark Web Revenue Down Dramatically After Hydra's Demise

The network is alleged to have operated 100 bank accounts and stolen millions from American people and companies.

Nine suspects have been arrested — eight in Madrid and one in Miami — for their suspected participation in a cybercriminal organization accused of stealing more than 5 million euros from unsuspecting victims in less than a year.

The joint operation between the Spanish National Police and the US Secret Service traced the group's activities to more than 100 bank accounts created to collect stolen money, which they would then withdraw at cash machines, transfer abroad, or convert into cryptocurrency, the Spanish National Police said in an announcement of the takedown.

The ring targeted American people and companies with social engineering phishing emails and SMS text messages to gather sensitive data, then followed up with so-called "vishing" phone calls to collect the remaining information required to defraud victims.

The authorities of Panama, Spain, and the US seized assets belonging to the accused cybercriminals, including assets of more than a half-million euros and expensive watches estimated to be worth about 200,000 euros.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

9 Scammers Busted for 5M Euro Phishing Fraud Ring

Morphus's deep cybersecurity research expertise, cyber defense and threat intelligence services widen Accenture's cybersecurity footprint in Latin America.

**FORTALEZA, Brazil and NEW YORK; Feb. 13, 2023 –** Accenture (NYSE: ACN) has acquired Morphus, a privately held Brazil-based cyber defense, risk management and cyber threat intelligence services provider, expanding its practice capabilities in Brazil and Latin America. Financial terms were not disclosed.

Founded in 2003, Morphus is headquartered in Fortaleza, which is in the Ceará region in northeastern Brazil, with offices in Recife, São Paulo, Rio de Janeiro and Santiago, Chile. Morphus’s end-to-end portfolio includes red and blue team services; governance, risk and compliance services; enterprise risk management; cyber strategy; threat intelligence; and managed security services (MSS). 

According to Accenture’s recent Cyber Threat Intelligence research, Brazil is one of the top victims of infostealer malware – a malicious software designed to steal victim information such as passwords. 

“Together with the capabilities and experienced leadership of Morphus, we will work as one team to help organizations build a cyber resilient business and better secure their digital core, their technology and supply chains,” said Paolo Dal Cin, who leads Accenture Security globally. “The acquisition brings more than 230 highly skilled professionals, making Accenture one of the largest cybersecurity professional services providers in Brazil. Our clients are always looking for the best solutions to strengthen their cyber defenses, and the addition of Morphus expands our global research workforce and network of talented, innovative security professionals.”

The acquisition expands Accenture’s portfolio and marks the launch of a Cyber Industry practice in Latin America led by seasoned former CISOs from Morphus. The new offerings also expand Accenture’s position in Growth Markets in Morphus’s primary industry groups: communications media and technology, financial services, energy, retail and aviation.

Rawlison Brito, CEO of Morphus, said: “We believe that security and science go hand-in-hand. With Accenture, we can continue our cyber threat research and expand our advanced studies of cybersecurity by collaborating with security research experts on a global scale. We are excited to join Accenture to offer our thought leadership and better serve our clients by providing market-leading services and stronger cyber defense protection in Latin America.”

With a strong footprint in Brazil and Chile, the acquisition brings to Accenture Morphus Labs, a research facility in Fortaleza dedicated to cybersecurity studies, vulnerability and threat analysis and MSS. This will add a new Cyber Fusion Center in Fortaleza to Accenture’s existing global network, which includes Morphus’s cybersecurity R&D capabilities.

Andre Fleury, Accenture Security lead for Latin America, said: “The cybersecurity team at Morphus will accelerate the growth of our Cyber Industry practice in the region, nearly doubling our security footprint in Brazil. The acquisition complements our global Security practice and will enable us to help our clients embed security by design and enhance the offerings we provide across a wide variety of industries in Latin America.”

Last year, Accenture was recognized as a leader in strategic security services and MSS in Brazil by ISG.

Since 2015, Accenture Security has made 16 acquisitions. Following its January 2020 acquisition of Symantec’s Cyber Security Services business, Accenture became one of the leading global providers of MSS. Accenture further strengthened its cyber defense and MSS capabilities through the acquisition of Brazil-based Real Protect, and European cyber companies Sentor and Openminded in 2021.

**Forward-Looking Statements**

Except for the historical information and discussions contained herein, statements in this news release may constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as “may,” “will,” “should,” “likely,” “anticipates,” “aspires,” “expects,” “intends,” “plans,” “projects,” “believes,” “estimates,” “positioned,” “outlook,” “goal,” “target” and similar expressions are used to identify these forward-looking statements. These statements are not guarantees of future performance nor promises that goals or targets will be met, and involve a number of risks, uncertainties and other factors that are difficult to predict and could cause actual results to differ materially from those expressed or implied. These risks include, without limitation, risks that: the transaction might not achieve the anticipated benefits for Accenture; Accenture’s results of operations have been, and may in the future be, adversely affected by volatile, negative or uncertain economic and political conditions and the effects of these conditions on the company’s clients’ businesses and levels of business activity; Accenture’s business depends on generating and maintaining client demand for the company’s services and solutions including through the adaptation and expansion of its services and solutions in response to ongoing changes in technology and offerings, and a significant reduction in such demand or an inability to respond to the evolving technological environment could materially affect the company’s results of operations; if Accenture is unable to match people and their skills with client demand around the world and attract and retain professionals with strong leadership skills, the company’s business, the utilization rate of the company’s professionals and the company’s results of operations may be materially adversely affected; Accenture faces legal, reputational and financial risks from any failure to protect client and/or company data from security incidents or cyberattacks; the markets in which Accenture operates are highly competitive, and Accenture might not be able to compete effectively; Accenture’s ability to attract and retain business and employees may depend on its reputation in the marketplace; Accenture’s environmental, social and governance (ESG) commitments and disclosures may expose it to reputational risks and legal liability; if Accenture does not successfully manage and develop its relationships with key ecosystem partners or fails to anticipate and establish new alliances in new technologies, the company’s results of operations could be adversely affected; Accenture’s profitability could materially suffer if the company is unable to obtain favorable pricing for its services and solutions, if the company is unable to remain competitive, if its cost-management strategies are unsuccessful or if it experiences delivery inefficiencies or fail to satisfy certain agreed-upon targets or specific service levels; changes in Accenture’s level of taxes, as well as audits, investigations and tax proceedings, or changes in tax laws or in their interpretation or enforcement, could have a material adverse effect on the company’s effective tax rate, results of operations, cash flows and financial condition; Accenture’s results of operations could be materially adversely affected by fluctuations in foreign currency exchange rates; changes to accounting standards or in the estimates and assumptions Accenture makes in connection with the preparation of its consolidated financial statements could adversely affect its financial results; as a result of Accenture’s geographically diverse operations and strategy to continue to grow in key markets around the world, the company is more susceptible to certain risks; if Accenture is unable to manage the organizational challenges associated with its size, the company might be unable to achieve its business objectives; Accenture might not be successful at acquiring, investing in or integrating businesses, entering into joint ventures or divesting businesses; Accenture’s business could be materially adversely affected if the company incurs legal liability; Accenture’s global operations expose the company to numerous and sometimes conflicting legal and regulatory requirements; Accenture’s work with government clients exposes the company to additional risks inherent in the government contracting environment; if Accenture is unable to protect or enforce its intellectual property rights or if Accenture’s services or solutions infringe upon the intellectual property rights of others or the company loses its ability to utilize the intellectual property of others, its business could be adversely affected; Accenture may be subject to criticism and negative publicity related to its incorporation in Ireland; as well as the risks, uncertainties and other factors discussed under the “Risk Factors” heading in Accenture plc’s most recent Annual Report on Form 10-K and other documents filed with or furnished to the Securities and Exchange Commission. Statements in this news release speak only as of the date they were made, and Accenture undertakes no duty to update any forward-looking statements made in this news release or to conform such statements to actual results or changes in Accenture’s expectations.

**About Accenture** 

Accenture is a leading global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are a talent and innovation led company with 738,000 people serving clients in more than 120 countries. Technology is at the core of change today, and we are one of the world’s leaders in helping drive that change, with strong ecosystem relationships. We combine our strength in technology with unmatched industry experience, functional expertise and global delivery capability. We are uniquely able to deliver tangible outcomes because of our broad range of services, solutions and assets across Strategy & Consulting, Technology, Operations, Industry X and Accenture Song. These capabilities, together with our culture of shared success and commitment to creating 360° value, enable us to help our clients succeed and build trusted, lasting relationships. We measure our success by the 360° value we create for our clients, each other, our shareholders, partners and communities. Visit us at www.accenture.com.

Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter, LinkedIn or visit us at accenture.com/security.

Source

DARKReading