Darktrace Blog Posts
Archive

In early 2024, the TA577 threat group was observed using a new attack chain to steal NTLM authentication data. Targets received a phishing email with a ZIP file attachment that triggered a connection to malicious infrastructure, with NTLM hashes ultimately collected by the attackers. Here we detail Darktrace's detection of this activity across its customer base.
Jul 9, 2024

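As an added illustration (not part of the original post and not Darktrace's own detection logic), the Python below flags the network-level symptom a chain like this leaves behind: an internal host opening an SMB session (TCP/445) to a non-internal address, which is how a Windows client ends up handing its NTLM response to an attacker-controlled server. The summary above does not name the protocol, so SMB/445 and the simplified Zeek-style conn.log layout are assumptions, and the log lines are constructed for the example.

```python
"""Flag internal hosts that open SMB (TCP/445) sessions to external addresses.

Assumption (not stated on the page): the NTLM leak happens over SMB, so the
observable is an internal client authenticating to a share outside the
organisation.  Log layout assumed: tab-separated ts, id.orig_h, id.orig_p,
id.resp_h, id.resp_p, proto (a cut-down Zeek conn.log).
"""
import ipaddress
from collections import defaultdict

# Constructed sample log: one host talks SMB to an internal file server,
# then twice to an external address; another host only does HTTPS; a third
# host reaches a second external SMB endpoint.
SAMPLE_CONN_LOG = """\
1704106800.100\t10.20.30.41\t51022\t10.20.30.5\t445\ttcp
1704106801.250\t10.20.30.41\t51023\t203.0.113.77\t445\ttcp
1704106802.300\t10.20.30.41\t51024\t203.0.113.77\t445\ttcp
1704106803.000\t10.20.30.42\t49888\t93.184.216.34\t443\ttcp
1704106804.500\t10.20.30.43\t51100\t198.51.100.9\t445\ttcp
"""

SMB_PORT = 445

# Explicit RFC 1918 + loopback list rather than ipaddress.is_private, which
# also treats the RFC 5737 documentation ranges used in the sample as private.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the organisation's ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_conn_log(text: str) -> list[dict]:
    """Parse the simplified conn.log layout into dicts; skip blanks and comments."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, orig_h, orig_p, resp_h, resp_p, proto = line.split("\t")
        rows.append({
            "ts": float(ts), "orig_h": orig_h, "orig_p": int(orig_p),
            "resp_h": resp_h, "resp_p": int(resp_p), "proto": proto,
        })
    return rows


def find_external_smb(rows: list[dict]) -> dict[str, list[str]]:
    """Return {internal_source: sorted external SMB destinations it contacted}."""
    hits: dict[str, set[str]] = defaultdict(set)
    for r in rows:
        if r["proto"] != "tcp" or r["resp_p"] != SMB_PORT:
            continue
        if is_internal(r["orig_h"]) and not is_internal(r["resp_h"]):
            hits[r["orig_h"]].add(r["resp_h"])
    return {src: sorted(dsts) for src, dsts in hits.items()}


if __name__ == "__main__":
    for src, dsts in find_external_smb(parse_conn_log(SAMPLE_CONN_LOG)).items():
        print(f"{src} opened SMB to external host(s): {', '.join(dsts)}")
```

A practitioner would pair this with an egress rule blocking TCP/445 at the perimeter; the rule above is deliberately simple and only shows which clients attempted the connection, not whether credentials were actually captured.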
This blog examines the tactics, techniques and procedures associated with the notorious Ransomware-as-a-Service operator Qilin. Darktrace's Threat Research team investigated several examples of Qilin actors targeting Darktrace customers between 2022 and 2024.
Jul 4, 2024

Credential phishing remains one of the most significant cybersecurity threats organizations face today. This blog will explore the various attack methods and defense strategies associated with credential phishing.
Jul 8, 2024

Darktrace continues to innovate with Microsoft in the shared mission to deliver proactive cyber protection tailored to every organization. Joint customers benefit from two distinct, complementary security approaches – combining large scale threat intelligence with enterprise-native security insights – to address the full range of email threats.
Jun 27, 2024
Email

Darktrace/Email detected a phishing attack that originated from LinkedIn, in which the attacker impersonated a well-known construction company to conduct a credential harvesting attack on the target. Darktrace's ActiveAI Security Platform played a critical role in investigating the activity and initiating real-time responses that were beyond the capacity of human security teams.
Jun 25, 2024
Email

This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.
Jun 20, 2024

Vendors are scrambling to compare MTTD metrics laid out in the latest MITRE Engenuity ATT&CK® Evaluations. But this analysis is reductive, ignoring the fact that in cybersecurity, there are far more metrics that matter.
Jun 25, 2024

This blog investigates Medusa ransomware, a Ransomware-as-a-Service (RaaS) variant that is known to use living-off-the-land techniques to infect target networks and move toward its ultimate goals: data exfiltration and encryption.
Jun 10, 2024

As complex digital and physical systems become increasingly interconnected, the expanding attack surface calls for a unified security solution. Explore the challenges, risks, and potential solutions for organizations aiming to secure distribution centers from cyber threats.
Jun 12, 2024

This blog examines a network compromise that stemmed from the purchase of leaked credentials from the dark web. Credentials purchased from dark web marketplaces allow unauthorized access to internal systems. Such access can be used to exfiltrate data, disrupt operations, or deploy malware.
Jun 3, 2024

Many companies use third-party data management for efficiency, global access, collaboration, and reliability. Find out what those organizations need to know about addressing the security risks and best practices associated with third-party data management.
Jun 3, 2024

Ensuring trust, battling ransomware, and detecting novel attacks pose critical challenges in network security. This blog explores these challenges and shows how leveraging AI-driven security solutions helps security teams stay informed and effectively safeguard their network.
Jun 21, 2024
Network

This blog delves into Darktrace's investigation into the exploitation of the Citrix Bleed vulnerability on the network of a customer in late 2023. Darktrace's Self-Learning AI ensured the customer was well equipped to track the post-compromise activity and identify affected devices.
May 28, 2024
Network

In recent months, we've seen a dramatic rise in the number of attacks using Microsoft Teams as a threat vector. This blog will explore why Teams is becoming such a popular entry point, how built-in and market security offerings fail to address sophisticated Teams threats, and why behavioral AI is the solution to early detection of Teams-based social engineering and account compromise.
May 21, 2024
Email

In this blog we examine how Darktrace was able to detect and block malicious phishing emails sent via Microsoft Teams that were impersonating an international hotel chain.
May 20, 2024

This blog explores how Darktrace/Email was able to successfully identify a wave of phishing emails sent from addresses belonging to a major fast-food chain which were leveraged in a coordinated attack. Despite the use of non-English language emails and payloads hidden behind QR codes, Darktrace was able to detect the attack and block the phishing emails in the first instance.
May 15, 2024

Part 3: This blog discusses the impact of AI on cybersecurity solutions based on data from Darktrace's State of AI Cybersecurity Report. Get the latest insights into the evolving challenges faced by organizations, the growing demand for skilled professionals, and the need for integrated security solutions by downloading the full report.
May 13, 2024

This blog focuses on the exploitation of the ConnectWise ScreenConnect vulnerabilities (CVE-2024-1708 and CVE-2024-1709) and Darktrace's coverage of affected customer networks in early 2024.
May 10, 2024

Most email security solutions either assume end-user reporting is of poor quality, so don't prioritize it, or triage every user-reported email equally without any attempt to improve long-term efficiency. This blog explores how Darktrace aims to improve user reporting from the ground up, reducing the 90% of user-reported phishing that turns out to be reported in error and decreasing the load on security teams.
May 8, 2024
Email

This blog explores how Darktrace's combined AI approach enabled it to identify and connect an attack that took place over three critical areas of a customer's digital environment, namely email, SaaS and network.
Apr 30, 2024

Using data from Darktrace's End of Year Threat Report 2023, this blog details how cyber attackers are increasingly using cloud-based services including Dropbox and Microsoft 365 to stealthily bypass detection by traditional email security solutions.
Apr 29, 2024

This blog examines CACTUS, a relatively new strain of ransomware that first appeared in the threat landscape in March 2023. In November 2023, Darktrace detected CACTUS ransomware on a US customer network and was able to provide full visibility over the attack and its kill chain.
Apr 24, 2024

Part 2: This blog discusses the impact of AI on the cyber threat landscape based on data from Darktrace's State of AI Cybersecurity Report. Get the latest insights into the evolving challenges faced by organizations, the growing demand for skilled professionals, and the need for integrated security solutions.
Apr 22, 2024

This blog discusses Sliver, a legitimate C2 framework that has recently been utilized by malicious actors as an alternative to Cobalt Strike. Darktrace was able to detect multiple cases of attackers using Sliver C2 in 2023 and 2024.
Apr 17, 2024

This blog explores Darktrace's detection of Balada Injector, a malware known to exploit vulnerabilities in WordPress to gain unauthorized access to networks. Darktrace identified numerous cases within customer environments that followed previously observed patterns of activity spikes across multiple weeks.
Apr 8, 2024
