Darktrace Blog Posts
Archive
All Posts

Over the past few months, Darktrace has observed several cases of malicious actors registering an application called ‘PerfectData Software’ during hijackings of Microsoft 365 accounts. In this blog, we will provide details of these account hijackings, along with details of Darktrace’s coverage.
2023
Jun 5, 2023
Apps - Microsoft 365

Banking trojans, designed to steal confidential information, are constantly adapting to avoid detection from security tools. Gozi-ISFB is one such banking trojan that has caused recent concern. Read more about how Darktrace's Self-Learning AI was able to spot these attacks.
2023
Apr 26, 2023
Network
Email


While 94% of all cyber-attacks come through the inbox, their destination is almost never email. Attacks often traverse to other areas, like cloud apps and infrastructure, endpoints, or networks. As a result, although security teams must establish a strong cornerstone of email security, they should also consider how those solutions fit into the wider security posture.
2023
Apr 17, 2023
Email

This blog demonstrates the relationship between Microsoft Defender and Darktrace security solutions. It takes a deep dive into the relationship between Darktrace DETECT, RESPOND, and Microsoft Defender, providing real examples as to how the two are able to integrate with each other and support security teams.
2023
Apr 11, 2023

At the end of January 2023, threat actors began to abuse OneNote email attachments to deliver Qakbot onto users' devices. Widespread adoption of this novel delivery method resulted in a surge in Qakbot infections across Darktrace's customer base between the end of January 2023 and the end of February 2023. In this blog, we will provide details of these so-called 'QakNote' infections, along with details of Darktrace's coverage of the steps involved in them.
2023
Apr 5, 2023
Email
Network


This blog outlines the challenges faced by security teams in protecting organizations from email-based attacks. It explores how a modern, AI-based security solution can tackle these pain points with targeted autonomous action, frictionless UIs, optimized workflows and full visibility of account users.
2023
Apr 2, 2023
Email


As attackers move from low-sophistication, spray-and-pray campaigns to more targeted and sophisticated attacks, email security needs to understand the organization, not past attacks, to be able to keep up with attacker innovation and stop novel attacks at the first time of asking.
2023
Mar 29, 2023
Email

Amadey Info-stealer malware was detected across over 30 customers between August and December 2022, spanning various regions and industry verticals. This blog highlights the resurgence of Malware as a Service (MaaS) and the leveraging of existing N-Day vulnerabilities in SmokeLoader campaigns to launch Amadey on customers’ networks. This investigation was part of Darktrace’s continuous Threat Research work in efforts to identify and contextualize threats across the Darktrace fleet, building off of AI insights through collaborative human analysis.
2023
Mar 22, 2023

Multi-Factor Authentication (MFA) has been widely adopted as a security measure against common account takeover methods. However, the industry is seeing more and more examples of MFA compromise wherein threat actors exploit the security tool itself to gain account access.
2023
Mar 20, 2023

Between June 2021 and June 2022, crypto-currency platforms around the world lost an estimated 44 billion USD to cyber criminals, whose modus operandi range from stealing passwords and account recovery phrases, to cryptojacking and directly targeting crypto-currency transactions.
2023
Mar 14, 2023

Compliance breaches can significantly damage a company’s finances and reputation if not properly addressed. However, compliance is often an afterthought for security teams responding to cyber security incidents, with many organizations seeing compliance issues as “rule breaking employees” rather than legitimate threats to their network. See here how Darktrace helps organizations adhere to compliance regulations.
2023
Mar 12, 2023
Email
Apps

As Software-as-a-Service (SaaS) and multi-factor authentication (MFA) continue to be a primary vector of attack across organizations of every size in multiple industries, it is more important now than ever for organizations to utilize every tool at their disposal to mitigate account compromise at the earliest possible stage.
2023
Feb 21, 2023
Email
Apps

In the latter half of 2022, Darktrace observed a rise in Vidar Stealer infections across its client base. These infections consisted of a predictable series of network behaviors, including usage of certain social media platforms for the retrieval of Command and Control (C2) information and usage of certain URI patterns in C2 communications. In this blog post, we will provide details of the pattern of network activity observed in these Vidar Stealer infections, along with details of Darktrace’s coverage of the activity.
2023
Feb 9, 2023
Network

Despite the market value of cryptocurrency itself decreasing in the final quarter of 2022, the number of known cryptocurrency mining software variants had more than trebled compared to the previous year. The intensive resource demands of mining cryptocurrency have exacerbated the trend of maliciously hijacking third-party computers, causing slower processing speeds and higher energy bills for many companies.
2023
Feb 26, 2023


A recent IDC report found that only 34% of companies feel like pentesting and red teaming exercises provide them with actionable insights on where and how to harden their defenses. This blog summarizes the report and explains how Darktrace PREVENT can help organizations proactively harden defenses.
2023
Feb 9, 2023
Attack Surface Management