Darktrace Blog Posts
This blog explores a low-and-slow incident which saw over 300GB of data exfiltrated from a customer network. Whilst this activity was ultimately stopped with the help of Darktrace services, it could have been prevented earlier had RESPOND been in autonomous mode.
Dec 2, 2022
This blog describes the internal and external cyber risks arising from mergers and acquisitions and how you can manage this with continuous AI-powered monitoring that outputs tangible and prioritized mitigation advice.
Dec 1, 2022
This blog addresses the issue of alert fatigue and explains how Cyber AI Analyst breaks down billions of individual events, first into anomalous events and then into prioritized security incidents ready for the security team's review.
Nov 30, 2022
Out-of-hours attacks continue to be a major stress for security teams; however, with RESPOND, companies can stop threats without the need for 24/7 human monitoring. This blog explores a nighttime incident where RESPOND triggered a decisive model breach but was prevented from acting without human input.
Nov 24, 2022
Misconfigurations - whether accidental or malicious - are a growing threat in the face of rapidly expanding digital footprints comprising cloud assets and bespoke OT technology. This blog explains how these are uncovered and remediated with Darktrace PREVENT.
Nov 22, 2022
Brand abuse involves impersonating an organization's IP to launch an attack or damage its reputation. This blog lays out how this can be pre-empted and prevented with Darktrace.
Nov 14, 2022
Since the release of version 2 of Raccoon Stealer in May 2022, Darktrace’s SOC has observed a continuous surge in Raccoon Stealer v2 activity. In this blog, we will outline the typical steps of a Raccoon Stealer v2 infection, paying close attention to the info-stealer’s network-based behaviors.
Nov 9, 2022
In March 2022, Darktrace’s 24/7 SOC team observed a fast-paced compromise involving Raccoon Stealer v1. In this blog, we will outline the steps which the Raccoon Stealer v1 sample took to exfiltrate data out of the network.
Nov 8, 2022
YanLuoWang ransomware was first used to attack a handful of US corporations in August 2021. Since then, the group have successfully ransomed organizations across the world, with global software giant Cisco among its victims. This blog post reveals Darktrace analysts' research into the organization’s structure and tactics.
Nov 7, 2022
New technique to deliver malicious email payloads: Webmail login portal hidden within Google Translate domain
Darktrace has recently detected a trend of threat actors hiding malicious links within Google Translate domains to avoid detection. In one incident, these links were used to harvest the recipients’ credentials.
Nov 4, 2022
This blog explains why shadow IT poses such a problem for cyber security professionals, and how risks can be reduced most effectively by combining attack surface management with attack path modelling and detection and response mechanisms.
Nov 3, 2022
Security check-up: How Cullman Regional Medical Center uses Darktrace to secure its patient data
Discover how Cullman Regional Medical Center secures its invaluable services and avoids potentially life-threatening cyber-attacks with Darktrace's Self-Learning AI and the Cyber AI Analyst.
Oct 27, 2022
Whilst Quantum Ransomware has been characterized by speedy and efficient attacks, Darktrace recently detected a surprising incident where the group used a long dwell time to achieve their goals. This blog explores the effect of this group's change in strategy and DETECT/Network’s coverage over the event.
Oct 27, 2022
In this blog, a Darktrace analyst explores common email impersonation techniques seen by the SOC team and explains how DETECT/Email is able to identify them.
Oct 24, 2022
AutoIt is a scripting language designed for general purpose development. However, like many freeware languages, it has been exploited for malicious intent. Recently Darktrace captured the whole kill-chain of an AutoIt malware compromise, from delivery via email to payload download and subsequent C2.
Oct 19, 2022
The airline industry has long operated with thin profit margins and high security and safety standards. With cyber threats threatening downtime that many of these organizations cannot afford, Darktrace's Tony Jarvis suggests that they turn to preventative AI-driven technologies which can harden defenses before attackers make the first move.
Oct 10, 2022
The current threat landscape is rife with social engineering attempts across email, SMS and digital messaging. Discover why MFA and security awareness alone aren't enough to keep organizations safe from these tactics, and what Self-Learning AI can do to help.
Sep 28, 2022
Now one of the most popular talking points in the security world, the ransom industry continues to see growth. First ransomware, then double extortion and now simple data theft have been used to meet threat actors’ extortion needs. This blog highlights an example of this in a US customer’s SaaS environment.
Sep 21, 2022
This blog explores Darktrace's detection of a BeamWinHTTP and RedLine info stealer compromise caused by continued torrenting and a malicious download within a telecommunication customer’s environment.
Sep 14, 2022
The National Farmers' Union (NFU) is the largest farmers' organization in England and Wales. Narinder Bains, NFU's Infrastructure Manager, explains how the organization used Self-Learning AI to draw out pre-existing threats in its network, and now protects its employees in offices and at home with Darktrace/Endpoint.
Sep 13, 2022
Many emerging markets in the Global South suffer from ineffective cyber legislation and crippling skill shortages. For the organizations in these countries to remain attractive to investors, they will need to adopt tools which will secure them against new and sophisticated threats. Discover what steps are already being taken, and what organizations should be looking to do next.
Sep 5, 2022
In April 2022, Darktrace observed threat actors using the loader known as ‘BumbleBee’ to install Cobalt Strike Beacon onto target systems. This blog provides details of the steps threat actors took during their intrusions, along with details of the network-based behaviours which served as evidence of their activities.
Sep 5, 2022
At the top of every CISO’s mind sits the fear of the unknown threat. As security tools continue to improve, so do attackers. This blog explores a BlackByte ransomware incident detected by Darktrace SOC in the summer of 2021. At the point of discovery this ransomware had yet to be categorized on popular OSINT.
Aug 25, 2022
This blog aims to provide background and technical discoveries from the recent Emotet resurgence detected in early 2022 across multiple Darktrace client environments in multiple regions and industries. Predominantly in March and April 2022, Darktrace DETECT provided visibility over network activities associated with Emotet compromises using initial staged payload downloads involving algorithmically generated DLLs and subsequent outbound command and control, as well as spam activities.
Aug 23, 2022
Full-scale cyber warfare is becoming an increasingly pressing reality, and it isn't just national governments and militaries that are involved. Learn how unofficial 'IT armies' and private sector organizations are contributing to modern cyber wars, and what steps businesses can take to help national efforts.
Aug 16, 2022
Learn about the prevalence of HTML attachments in phishing emails, as observed by Darktrace’s 24/7 SOC Service.
Aug 11, 2022
Threat actor tactics in the Russo-Ukrainian conflict: analyst observations and predictions
The escalation of the conflict between Russia and Ukraine has led to fears of a full-scale cyberwar. In this discursive blog, analysts cover the most popular methods of attack in the conflict so far, some of the hacking groups involved, and the observations Darktrace has made in its own customer environments.
Aug 10, 2022
A new sheriff in town: why the city of St. Catharines turned to Darktrace to protect its digital assets
Hear from Wayne Racey, Manager of IT Operations for the City of St Catharines, Canada, as he explains how Darktrace DETECT + RESPOND buys back time for his security team and provides them with some much-needed peace of mind.
Aug 9, 2022
Making 'the next investment' in your cyber security can be a daunting task for an SMB. Discover how that investment can be maximized with AI.
Aug 8, 2022
This discursive blog explores the use of remote access tools in exploitations across OT/ICS and corporate environments. Whether restricted or supported, remote access tools are shown to benefit from the Darktrace product suite, including our DETECT, RESPOND and PREVENT product families.
Aug 4, 2022
Oakley Cox discusses the dangers posed by N-Day exploits, and explains how Darktrace PREVENT can assist security teams hoping to close up vulnerabilities before attacks can be launched against them.
Jul 28, 2022
N-days are often overlooked by security teams yet often attract just as much attention as their zero-day counterparts. This blog explores both a zero-day and an n-day attack on two different customers’ SonicWall VPN server and Atlassian Confluence server, respectively, detailing how Darktrace was able to detect and intervene before any irreparable damage occurred.
Jul 27, 2022
This blog explores the network-based IOCs for PrivateLoader, a modular downloader which is increasingly being used by pay-per-install (PPI) providers to deliver malicious payloads.
Jul 27, 2022
Discover how Rudin Management manages misconfigurations and ensures the security of its buildings and clients in New York City with Darktrace RESPOND
Jul 26, 2022
What better way to launch the new Darktrace brand – with its bold logo and design – than in the McLaren Racing commandcenter as the F1 team prepared for the first practice run of the British Grand Prix?
Jul 1, 2022
Crypto-mining continues to draw massive profits for cyber attackers, who use malicious botnets like Sysrv to exploit vulnerable organizations. Discover how these botnets work around traditional security tools, and what the upcoming Darktrace Prevent product family can do to harden defenses against them.
Jun 21, 2022
This blog explores the latest vulnerability affecting the Atlassian Confluence suite in June 2022. It contains general guidance and an instance where Darktrace both detected and responded to a customer-facing exploitation of this CVE during the first weekend of in-the-wild attacks. This attack was part of wider crypto-mining activity.
Jun 13, 2022
Disinformation gives cyber-attackers opportunities to mislead and exploit organizations. Learn how Attack Surface Management provides the clarity needed to sort fact from fiction.
Jun 7, 2022
Worm-like propagation of Sysrv-hello crypto-jacking botnet: Network traffic analysis and latest TTPs
Shuh Chin Goh
This blog details the sequence of events in the cyber kill chain of a Sysrv-hello botnet infection seen on a deployment at an organization in France which was trialing Darktrace. Darktrace provided visibility at the network level through model detections and Cyber AI Analyst, giving insights into the latest TTPs of the botnet in March and April 2022.
May 26, 2022
Grief ransomware emerged suddenly last year to cause disruption across a range of industries and municipalities – but the playbook of the gang behind it struck many as familiar. Discover why DoppelPaymer became PayOrGrief, and how Darktrace’s AI helped to protect an organization from one of its sophisticated ransomware attacks.
May 26, 2022
This blog details how rapidly accounts can become compromised from an internal phishing campaign. It also highlights the actions that Antigena SaaS can take to stop this type of attack in the future.
May 26, 2022
Two leaders in their fields discuss the importance of cyber security. Discover the cyber risks in Formula 1, and what it is that separates McLaren from the rest of the pack.
May 3, 2022
This blog explores the resurgence of Emotet malware through a recent outbound malspam campaign on a wholesale trade, and explains how Autonomous Response interrupted the attack.
Apr 28, 2022
The main Darktrace user at a manufacturing organization explains how Autonomous Response reduces cyber risks arising from human error, and allows the security team to adopt a proactive rather than reactive approach to security.
Apr 26, 2022
This blog details the impact of a distributed phishing campaign against a financial services company, and highlights some of Darktrace’s analytical tools which can help security teams investigate similar threats.
Apr 21, 2022
How Darktrace’s Cyber AI Analyst accelerates reporting incidents to the US federal government
This blog explains how Darktrace helps defenders abide by US federal laws on reporting cyber security incidents, featuring a real-world example of a ransomware attack investigated by Cyber AI Analyst.
Apr 13, 2022
Darktrace vs Cobalt Strike: How Antigena intercepted and delayed a Cobalt Strike intrusion
An attacker exploited vulnerabilities in Log4j to install Bughatch, Cobalt Strike Beacon, and NetSupport onto an Internet-facing VMware Exchange server within the network of a Darktrace customer. By inhibiting the attacker’s subsequent attempts to communicate with the compromised server, Antigena Network likely prevented ransomware from being deployed.
Apr 6, 2022
In 2021 Internet-facing systems were some of the most heavily targeted for compromise. This blog explores four of the top zero-day vulnerabilities from the year and highlights how Darktrace was able to detect them.
Apr 5, 2022
This blog analyzes a campaign-like pattern detected by Darktrace across multiple customers and industries which used the Log4j vulnerability to exploit compromised systems for crypto-mining, highlighting the multi-stage attack from initial C2 contact through payload retrieval to successful crypto-miner installation.
Apr 4, 2022
This blog describes why the New Jersey State Bar Association adopted Darktrace’s Autonomous Response technology across the entire business, how it stopped a sophisticated SaaS attack, and why the IT department now refer to it as another member of the team.
Mar 30, 2022
Autonomous Response recently stopped a Trickbot attack on a public administration organization, despite being activated only after the threat had taken root. This blog outlines the reasons for Trickbot’s repeated resurrection and explains how Darktrace’s Autonomous Response is able to stop each new iteration.
Mar 23, 2022
Why Lighthouse Global uses Self-Learning AI to shine a light on spear phishing attacks
Discover why Lighthouse Global, a technology provider for legal firms and large businesses, relies on Darktrace to protect its email and cloud environment as the organization changes and grows.
Mar 10, 2022
This blog breaks down the challenges of securing high-profile events – including the ‘access paradox’, increasing IT and OT convergence, and the importance of a fast response – and explains how Self-Learning AI changes the game.
Mar 3, 2022
Today Darktrace announced the acquisition of best-in-class Attack Surface Management company Cybersprint. Read this blog to learn why this is hugely exciting for both our companies, our customers and the wider security industry.
Feb 23, 2022
This blog assesses the impact of the recent arrests associated with cyber-criminal group REvil in the wider context of the Ransomware-as-a-Service business model, exploring a real-world REvil ransomware campaign discovered by Darktrace’s AI.
Feb 14, 2022
This blog demonstrates how ransomware can spread throughout converged IT/OT environments, and how Self-Learning AI empowers organizations to contain these threats.
Feb 10, 2022
This second prediction in our Future of Cyber Security series asserts that 2022 may become one of ransomware’s most profitable years yet. Marcus Fowler explains new ransomware attacker tradecraft and what organizations need to do to keep up.
Feb 7, 2022
This blog explains why AAA Washington’s security team chose Darktrace’s Self-Learning AI over a traditional SOC, and how they expanded its coverage to endpoints and the cloud.
Feb 3, 2022
Discover the vulnerabilities opened by web-based assets, and how AI can help security teams to detect malicious assets and stay secure.
Jan 20, 2022
In the first prediction of our Future of Cyber Security series, Justin Fier explains why IT and communications is now the number one most targeted sector and why he expects the number of cyber-attacks on the software supply chain will only continue to rise in 2022.
Jan 13, 2022
Darktrace experts were on the front lines throughout 2021 – a historic year of cyber-attacks. In this blog, those experts look ahead, offering their predictions for cyber security in 2022.
Jan 7, 2022
This blog breaks down every stage of ransomware, highlighting attackers’ aims at each step, the techniques they adopt to avoid conventional defenses, and the anomalous activity that causes Darktrace AI to initiate a targeted response.
Dec 23, 2021
Darktrace’s AI has detected attackers exploiting the Log4Shell vulnerabilities across multiple customer environments. This blog breaks down two real-world attack scenarios and highlights the autonomous actions taken by AI.
Dec 15, 2021
By constantly shifting tactics, the Conti Ransomware Gang have maintained one of the largest stakes in the increasingly profitable ransomware industry. Discover how Darktrace was able to detect one of their crippling double extortion attacks at its earliest stages.
Dec 8, 2021
Quick off the blocks: Darktrace AI detects Egregor ransomware attack on day one of deployment
A utility services company was one day into its Darktrace deployment when the AI detected the early signs of a ransomware attack. This blog explores the detections.
Dec 2, 2021
As Arrow McLaren SP looks back on a positive season, the team reflect on their key challenges and successes – and explain how AI and automation are leveraged in every aspect of their work – from driver simulation to cyber security.
Nov 17, 2021
A new part of the McLaren car is created every 15 seconds, with suppliers around the world contributing to the team’s success. From a security perspective, each of these providers represents a potential chink in McLaren’s defensive armor. Learn why the security team chose Darktrace’s AI to protect the organisation from supply chain attacks.
Nov 16, 2021
As ‘Bring Your Own Device’ (BYOD) drives digital convergence of our personal and professional lives, Black Friday scams targeting personal inboxes can easily spill over into corporate environments. This, coupled with an increased incidence of ransomware attacks over public holidays, is giving defenders plenty to think about this holiday season.
Nov 11, 2021
With over 30,000 unpatched GitLab servers remaining unprotected against the vulnerability tracked as CVE-2021-22205, Darktrace’s AI has detected several compromises that have resulted in crypto-currency mining. This blog explores how Cyber AI Analyst connected the dots and revealed the full extent of the intrusion in different organizations.
Nov 8, 2021
Cyber-criminals are increasingly ‘Living off the Land’, leveraging commonly-used tools to fly under the radar of conventional cyber defenses. Discover why Self-Learning AI is uniquely positioned to identify attacks leveraging this technique.
Nov 4, 2021
The once notorious Ryuk ransomware has returned in new hands. Discover how small-time criminals are getting hold of cyber-crime’s most malicious tools, and what organizations can do to protect themselves.
Oct 21, 2021
For years, the notorious crypto-jacking group Outlaw have been adapting their botnet to make it past traditional security measures. This blog explains how Darktrace was able to see through their disguises and unpack their methods.
Oct 11, 2021
The ‘Internet of Things’ is all around us, and yet it presents one of the most overlooked threat vectors in cyber. This blog explores how attackers gain footholds into corporate environments through Internet-connected smart devices, and how Self-Learning AI illuminates threats in this area.
Sep 30, 2021
2021 has been the year of supply chain attacks. But although companies and the media have acted surprised, targeting the supply chain is nothing new.
Sep 23, 2021
When a cyber-attack struck a national sporting body one week before the start of the Tokyo Olympics, Darktrace was on hand to autonomously stop the threat. This blog breaks down the attack in detail.
Sep 20, 2021
Discover why Sellen Construction rely on Darktrace and Microsoft to protect their dynamic cloud environment, how AI Analyst saves its security team time in threat investigation, and how Darktrace enables self-learning protection across the business.
Sep 9, 2021
When it comes to tackling the problem of ransomware, attack is the best form of defense. This blog explores how to spot the early indicators of ransomware, which can prove a pivotal advantage as the game develops.
Sep 7, 2021
Mapping and patching Common Vulnerabilities and Exposures (CVEs) is not enough to achieve truly robust defense. This blog discusses the limits of vulnerability tracking and how self-learning technology can help achieve the goals of Biden’s National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.
Aug 26, 2021
With Black Hat USA 2021 drawing to a close, this blog post breaks down the six key trends that emerged during the conference.
Aug 20, 2021
Remote Desktop Protocol (RDP) has become one of the most popular methods of intrusion for attackers. This blog analyzes a rapid RDP attack which evolved from initial access to lateral movement in only seven hours.
Aug 17, 2021
Complicated by increasing SaaS usage and global supply systems, the supply chain is the most pressing concern facing cyber security. This blog examines how Darktrace detected a phishing email from a trusted third party, which led to a vicious cycle of compromise.
Aug 12, 2021
Since the Cobalt Strike source code was leaked on the Dark Web last year, Darktrace has observed various ransomware gangs and APTs using the framework to facilitate their attacks. This blog breaks down what Cobalt Strike is, and how AI can help.
Aug 5, 2021
2000 years on from Sun Tzu’s ‘The Art of War’, his tactics of deception and espionage are more pertinent than ever. Modern-day warfare is plagued by the problem of attribution. With cyber-attacks appearing to come from different nations and masquerading as different threats, how can you hope to gain the advantage?
Jul 29, 2021
This blog explores how one compromised server led to the creation of a botnet, which in turn was deployed for illegal crypto-mining. Darktrace’s Cyber AI Analyst pinpointed the malicious activity and analyzed every stage of the attack.
Jul 26, 2021
Latin America has been one of the hardest-hit regions for cyber-crime this last year. This blog unpacks an intrusion at a pharmaceutical organization based in LATAM, and how Self-Learning AI detected the data exfiltration attack at every stage.
Jul 20, 2021
Ransomware groups are popping up every week, returning with new names and new variants. Learn how Darktrace detected Egregor ransomware in a customer environment, without the use of any signatures.
Jul 15, 2021
REvil have exploited IT management software provider Kaseya in one of the most far-reaching ransomware attacks of the year. This blog unpacks a real-world intrusion of REvil ransomware, and demonstrates how Autonomous Response protected customer data from encryption.
Jul 9, 2021
Operational technology does not need to be directly targeted to be shut down by an attack. This blog discusses how cyber-attacks can disrupt the continuity of operations by creating safety concerns, as well as the limits of securing IT and OT in isolation on today’s threat landscape.
Jul 8, 2021
The US administration have announced that ransomware will now be treated as a terrorism-level threat. This blog discusses what this means for the cyber-criminal world and private organizations, as all levels of society adapt to the new classification.
Jul 1, 2021
Deep dive into how an attacker leveraged compromised credentials to infect multiple servers and spread laterally through the organization. This detailed threat find is an excellent use case for Autonomous Response and the importance of patching vulnerabilities.
Jun 28, 2021
Open ports are an effective vector of attack for cyber-criminals. This blog analyzes how attackers hacked into an exposed Internet-facing server and exploited it to mine cryptocurrency.
Jun 22, 2021
With globalized companies and supply chains, organizations need one solution which works for all emails no matter the time zone, no matter the language. This blog analyses how Antigena Email stopped a series of multi-language phishing attacks, including an Emotet campaign in Japanese.
Jun 17, 2021
Proactive Threat Notifications and Ask The Expert provide around-the-clock support. In a recent case, Darktrace SOC analysts helped a customer handle the QakBot banking trojan before it spread to other devices.
Jun 14, 2021
This blog analyzes a sophisticated SaaS-based attack which leveraged several Microsoft 365 accounts to launch the offensive and maintain persistence.
Jun 10, 2021
Attack Surface Management is a large and multifaceted task. Discover how organizations can make it simpler and more effective with AI automation.
Jun 10, 2021
Cyber-attacks are becoming more unpredictable by the day. DarkSide was the latest example, but cyber miscalculations have occurred since the early days of the Internet. This blog discusses the dangers of unintended consequences and how we can guard against them.
Jun 8, 2021
As business infrastructures continue to increase in breadth and complexity, it's important to keep ahead of changes within your own organization's attack surface and stay ahead of attackers.
Jun 3, 2021
This blog discusses the consequences and challenges associated with compliance, and how Darktrace’s AI not only defends against double extortion ransomware, but also builds internal mechanisms that help enforce compliance across the workforce.
Jun 1, 2021
McLaren is unique in competing in both Formula 1 and the NTT INDYCAR Series. Darktrace’s AI has seamlessly scaled and extended to protect both teams from machine-speed cyber-attacks like ransomware, working across different time zones to provide around-the-clock protection with Autonomous Response.
May 26, 2021
With ransomware attacks against AXA ASIA, Colonial Pipeline, and Ireland’s Health Service last week, this blog explores how cyber-criminal groups are exfiltrating data to coerce victims into paying, in what is known as ‘double extortion’ ransomware.
May 19, 2021
In the wake of the Colonial Pipeline cyber-attack, this blog discusses the many threats facing critical infrastructure, and how Cyber AI disrupted a similar ‘double extortion’ ransomware attack against an electrical utilities supplier.
May 13, 2021
Every organization is vulnerable to cyber-attacks, from schools and start-ups to whole cities. In this blog, the City of Tyler’s CIO describes how Cyber AI protects several Texan municipalities from attack, providing layered AI protection against tomorrow's threats.
May 10, 2021
The threat landscape is not what it was. Sprawling IoT ecosystems and globalized supply chains offer many opportunities for threat actors. Darktrace detects these vectors on a daily basis, sometimes in the very same attack.
May 4, 2021
Traditional email security tools weigh down the teams they were designed to help, with lengthy configuration processes and false positives which keep human operators in the weeds. This blog explains how autonomous AI frees up IT teams, enabling them to focus on what matters.
Apr 29, 2021
This blog discusses how Darktrace discovered a stealthy pre-existing APT35 infection in a customer environment.
Apr 23, 2021
Darktrace AI appears to have detected a Hafnium attack against vulnerable Exchange servers in December 2020, three months before the zero-day was identified. This blog provides an in-depth analysis of the attack, which suggests that Hafnium’s campaign began far earlier than previously thought.
Apr 16, 2021
Cyber AI discovered an extensive crypto-mining campaign in cardboard boxes in a disused warehouse. This blog discusses the rise in cryptocurrency farms and what this signals for the international cyber-threat landscape.
Apr 8, 2021
When employees have logged off, and security teams are away from their desks, that’s prime time for attackers to strike. This blog discusses how cyber-criminals time their attacks to fall during weekends or holiday periods, and how defensive AI can stay awake and fight back.
Apr 1, 2021
This blog provides a concise overview of the key points from SANS Summit 2021. Knowing ‘self’ both defends against the growing tide of external threats and allows organizations to gain visibility into new vulnerable areas as ICS evolves.
Mar 26, 2021
Malicious emails sent from trusted third parties bypass defenses all too often. This blog examines how Antigena Email stopped a recent supply chain attack by identifying a behavioral shift in the emails even though they came from a trusted source, while still allowing legitimate traffic from the same account to pass through.
Mar 25, 2021
As a result of the wide-reaching Hafnium attacks, various threat actors have begun exploiting ProxyLogon. This blog post shows a real-life example of how Darktrace detected this campaign against vulnerable Exchange servers, before public attribution.
Mar 18, 2021
Internet-facing RDP servers are an increasingly common vector of compromise. This blog explains how one RDP infection nearly led to the creation of a botnet, had Darktrace AI not alerted the security team as soon as the attack began.
Mar 15, 2021
This blog explains how AWS’s extension of VPC Traffic Mirroring to non-Nitro instances supports Darktrace’s real-time visibility and adaptive, autonomous defense for AWS cloud environments.
Mar 10, 2021
As working patterns continue to evolve, Darktrace provides visibility over the remote business, detecting everything from account takeovers to advanced phishing attacks. This blog discusses how Cradlepoint utilizes Self-Learning AI to secure its SaaS environments.
Mar 3, 2021
Machine-speed attacks need a machine-speed response. This blog explores the rise of worm-like ransomware, and how Darktrace detected a LockBit ransomware attack where the attack stages all happened simultaneously, in the space of only four hours.
Feb 25, 2021
What happens when your two-factor authentication (2FA) has been hacked? What happens when security layers have been compromised, and a cyber-criminal has bypassed your security stack? This blog investigates how Darktrace’s Microsoft 365 connector detected a full SaaS account takeover, and launched a detailed investigation into the attack.
Feb 18, 2021
This blog explores how Darktrace AI can identify infections which have already breached an organization's digital system. Learn about the security risks posed by Industrial IoT devices, and how Cyber AI recently detected a number of compromised IIoT devices at a manufacturing company.
Feb 12, 2021
Version 5 of Antigena Email contains several updates and upgrades that streamline workloads for time-pressed security teams. This blog post explains how AI augments human defenders by detecting sophisticated threats and presenting its findings in an intuitive way.
Feb 10, 2021
AI has fundamentally changed email security in recent years, but there is a significant distinction to be made in how the technology is applied, and it is this distinction that separates genuine, future-proof protection from a backward-looking model incapable of catching novel attacks.
Feb 2, 2021
This blog explains how the visibility provided by Google’s Packet Mirroring enables the Darktrace Immune System to seamlessly deploy in the cloud and form an understanding of what normal activity looks like for every user, container, application, and workload in a customer’s Google Cloud environment.
Jan 27, 2021
Version 5 offers a series of innovations across the Darktrace Immune System platform, bringing critical value to security teams grappling with the new normal. This blog explores how AI augments security teams with extended coverage across cloud services and zero-trust environments and an open architecture that enables seamless integrations.
Jan 25, 2021
This blog gives five predicted trends for email security in 2021, explaining how attackers will continue to adapt their tactics to evade legacy security reliant on rules and blacklists.
Jan 14, 2021
This blog explains how activity related to the SolarWinds hack can be detected without the use of signatures, and why a self-learning approach is the best possible mechanism to catch this Advanced Persistent Threat.
Jan 7, 2021
Faced with sophisticated phishing attacks targeting their C-suite, McLaren turned to AI to stop advanced email threats that outsmarted their legacy security tools. This blog uncovers an attack that slipped through their gateway but was neutralized by Antigena Email.
Jan 6, 2021
Darktrace recently detected and investigated a WastedLocker attack. This blog explores how this high-speed, high-stakes ransomware uses ‘Living off the Land’ techniques to bypass traditional security tools, and how Darktrace Antigena can autonomously stop this threat in its earliest stages, before encryption has begun.
Dec 22, 2020
An attack using the ZeroLogon exploit code was identified by Darktrace less than 24 hours after CISA’s public announcement. This blog explores the consequences of a ZeroLogon attack and how Darktrace AI managed to detect and investigate the threat.
Dec 17, 2020
Darktrace recently detected Sodinokibi, the most lucrative strain of ransomware in 2020, in a retail organization in the US. Cyber AI Analyst launched several automatic, real-time investigations into the incident simultaneously, producing concise and digestible summaries shown in this blog.
Nov 30, 2020
As the US Treasury announces new sanctions on the Russian institute believed to be behind the TRITON malware, this blog takes a look at the significance of this attack, and extrapolates what’s around the corner for OT cyber-attacks.
Nov 18, 2020
Traditional email gateways rely on pre-emptively rewriting links so that down the line, when they have updated information about a potential attack, they can take action. This blog exposes the pitfalls of this approach and examines a more modern approach to email security.
Nov 5, 2020
Attackers are targeting increasingly high-stakes environments with ransomware. This blog post explores how AI can be used to detect and autonomously neutralize machine-speed attacks – looking in particular at how Darktrace caught Maze ransomware targeting a healthcare organization.
Oct 22, 2020
With a major water utilities firm in the UK recently moving their SCADA systems to the cloud, this blog explores what ‘ICSaaS’ would look like in practice, and the security implications of such a transformation.
Oct 14, 2020
Darktrace’s AI can identify the subtle signs of threat, even when the initial intrusion occurs prior to its deployment. This blog shows how by looking at a critical real-world detection at a European energy organization.
Oct 9, 2020
A logistics company was recently hit by a successful email attack that slipped through Mimecast and led to a compromised account, with the attacker accessing several sensitive files before sending out over 1000 emails to other employees. This blog details how Darktrace’s AI was able to detect the activity when legacy tools could not.
Oct 5, 2020
Despite organizations adopting ‘secure’ email gateways and extensive employee training, 94% of cyber-attacks still start in the inbox. Cyber AI understands the human beings behind email communications and autonomously responds to anomalous emails it deems malicious, stopping attacks that other tools miss.
Oct 1, 2020
As IT and OT converge, cyber-attacks are increasingly spreading to Industrial Control Systems, causing operational outages and physical disruption. Darktrace’s AI recently detected a simulation of an advanced threat in the environment of a major international airport that used a range of ICS attack techniques.
Sep 24, 2020
Darktrace’s Immune System recently detected Glupteba malware attempting to steal sensitive information from a government organization. This blog post details how targeted and autonomous actions from Darktrace Antigena would have contained the attack.
Sep 22, 2020
Cyber-criminals are increasingly looking to deploy malware via unusual file types as they know these aren’t checked by traditional email security tools. Darktrace’s AI recently detected and stopped a malicious ISO file that slipped through the rest of the security stack.
Aug 27, 2020
Darktrace’s Immune System has recently detected a resurgence of the Emotet banking malware in the network and email realms of numerous customers around the world. This blog looks at three case studies and explains the benefits of a unified approach to cyber security.
Aug 26, 2020
Darktrace has recently observed multiple intrusions associated with renowned threat actor Evil Corp. This blog details how Darktrace’s AI detected the malicious activity throughout the attack life cycle – from the initial intrusion and the C2 traffic to the encryption or exfiltration of sensitive files.
Aug 19, 2020
The increased use of off-the-shelf tools is lowering the barrier to entry for cyber-criminals. This blog explores an incident in which a low-skilled threat actor was able to successfully deploy ransomware in a retail organization by connecting to the domain controller.
Aug 17, 2020
Fearware involves exploiting a sense of fear, uncertainty and doubt to coax an email recipient to click on a malicious link. This blog dissects an email attack claiming to be a COVID-19 relief fund application from the Small Business Administration.
Aug 13, 2020
Supply chain account takeover presents one of the more elusive threats to the inbox. This blog explains how Darktrace’s AI picked up on one such attack by recognizing the anomalous link.
Aug 10, 2020
Darktrace recently detected a cyber-attack that used the processing power of a biometric scanner to mine for cryptocurrency. The activity occurred while the office was closed due to COVID-19, but Cyber AI detected the anomalous behavior in real time.
Aug 10, 2020
Darktrace recently caught Eking ransomware targeting a government organization in APAC. This blog post details the anomalous behavior detected by Cyber AI, and evaluates the incident report surfaced by Darktrace’s automated investigation technology, the Cyber AI Analyst.
Aug 7, 2020
This blog looks across a database of hundreds of customers to reveal the extent of ICS protocol use within IT environments. With increasing IT/OT convergence, the need for a unified security platform with visibility and detection capabilities across both realms has never been more critical.
Aug 6, 2020
Twitter has now confirmed spear phishing was the cause of last month’s attack. This blog looks at the limitations in our current defenses against this well-known attack technique, and how a layered AI approach identifies and stops it.
Aug 5, 2020
When a Microsoft 365 account was taken over at a technology firm, Darktrace’s Cyber AI Platform immediately detected the anomalous behavior. As the compromised account began sending out hundreds of emails, the Cyber AI Analyst investigated in real time and raised a high-confidence alert to the security team.
Aug 4, 2020
Darktrace has seen an unprecedented rise in email attacks impersonating SaaS platforms to coax a recipient into divulging their account credentials. Two malicious emails supposedly from WeTransfer were recently recognized by Antigena as spoofing attempts, and stopped in their tracks.
Jul 30, 2020
LeChiffre ransomware was recently identified by Darktrace’s AI inside the network of a US distributor. As the Cyber AI Analyst launched an automated investigation in real time, this blog looks at every stage of the attack kill chain, and how it could have been stopped with Autonomous Response.
Jul 28, 2020
Antigena Email recently caught a phishing attack that attempted to steal the recipients’ credentials by posing as their organization’s IT team. The email was detected due to its anomalous link and the impersonation attack was neutralized.
Jul 24, 2020
The Ursnif banking trojan attempts to blend into the network as legitimate Zoom and Webex activity, before trying to capture credentials. Earlier this month, the malware was automatically detected and neutralized by Darktrace’s AI.
Jul 23, 2020
With increasing convergence between the cyber-physical realm and the corporate network, Darktrace has seen a rise in cyber-attacks that start in IT before traversing into industrial systems. This blog details one such threat, which was detected and investigated by AI.
Jul 22, 2020
Effective email security relies not just on catching targeted attacks, but also not interfering with legitimate emails. This blog looks at the case of an ‘unusual but benign’ email that Antigena let through, allowing business to continue as usual.
Jul 20, 2020
The number of active daily users on Microsoft Teams has increased exponentially in recent months, and cyber-criminals are taking advantage of this shift in our working habits. Darktrace’s AI recently found a malicious email impersonating the collaboration platform to try and steal the recipient’s credentials.
Jul 16, 2020
Darktrace’s AI email security recently stopped a malicious email attempting to impersonate Chase bank, coaxing the recipient into handing over their credentials. This blog covers why the attack evaded traditional security tools at the gateway, and how Darktrace spotted and neutralized the threat in real time.
Jul 13, 2020
With the California Consumer Privacy Act (CCPA) coming into force this month, organizations’ handling of personal information is under greater scrutiny than ever. This blog explains how Darktrace’s Cyber AI Platform can help provide unified and granular real-time monitoring of personal data.
Jul 9, 2020
Darktrace recently detected a series of crypto-mining campaigns in its customers just a week after SaltStack revealed a vulnerability. This blog details the initial infection, payload execution and command and control, describing how AI identified the threat in real time.
Jul 8, 2020
Darktrace recently stopped three related email attacks in a Gmail environment of an Antigena Email customer. The attacks attempted to impersonate high-profile executives and bypassed legacy tools, but the anomalous activity was identified and neutralized by AI.
Jul 7, 2020
The story of an academic institution that turned to Darktrace after an email attack slipped through their existing security stack and cost them over $60,000.
Jul 3, 2020
With cyber-attacks on IoT devices becoming increasingly prevalent, this blog post details how Darktrace’s AI identified the Mirai malware in an Internet-connected CCTV camera, breaking down each stage of the attack life cycle.
Jun 30, 2020
The EKANS ransomware attack that disrupted Honda’s operations across the globe this month has opened old wounds in the OT security world – and highlighted the importance of a unified security strategy across the entire digital estate.
Jun 25, 2020
With email spoofing attacks on the rise, Mariana Pereira analyzes a phishing campaign targeting a technology company that impersonated the QuickBooks accounting software.
Jun 24, 2020
An overview of the techniques used by hackers-for-hire group Dark Basin, and how AI is well-placed to respond to email impersonation attacks that other tools miss.
Jun 11, 2020
This blog outlines two cases of Microsoft 365 account takeover, detailing how Darktrace’s ability to correlate insights across SaaS applications and email activity enabled it to neutralize the threats.
Jun 8, 2020
This blog post explains how enterprise-wide and real-time analysis enables self-learning AI to uniquely detect and investigate threats in AWS environments at an early stage.
May 22, 2020
By learning employees’ normal patterns of behavior across cloud and SaaS environments, the Cyber AI Platform recently detected and investigated two incidents of SaaS account takeover in real time.
May 20, 2020
Max Heinemeyer explains how Cyber AI detected a fast-acting, targeted Dharma ransomware attack, highlighting the anomalous behavior involved in every stage of the attack lifecycle.
May 6, 2020
Dan Fein explores how mass domain purchasing allows cyber-criminals to stay ahead of legacy email tools — and how cyber AI stops the threats that slip through.
Apr 30, 2020
AI is being used by cyber-criminals to augment their attacks at every stage in the kill chain, ensuring their campaigns are fast, numerous and stealthy.
Apr 27, 2020
Customer perspective: Gabe Cortina, CTO at Bunim/Murray Productions, explains how Antigena Email protects the organization from increasingly targeted and topical spear phishing emails.
Apr 23, 2020
Recent trends in email behavior, including increased digital subscriptions and remote presentations, are being exploited by attackers to gain a foothold.
Apr 15, 2020
As adversaries adopt a collection of techniques to escape detection, the challenge of reliably attributing cyber-threats intensifies.
Apr 8, 2020
This blog looks at how the cyber-criminal group APT41 exploited a zero-day vulnerability, and examines how Darktrace’s AI detected and investigated the threat at machine speed.
Apr 2, 2020
Security professionals defending critical infrastructure are facing a broad set of challenges under evolving and dynamic business conditions.
Mar 25, 2020
Companies need to leverage technology that can allow them to continue to operate amidst uncertainty without choking productivity at this critical time.
Mar 19, 2020
Darktrace’s AI recently neutralized an email attack exploiting a sense of urgency that evaded the organization’s gateway security tools.
Mar 12, 2020
Groundbreaking technology combines the skill of human expertise with the speed and scale of AI, filling in gaps in domain knowledge.
Feb 26, 2020
The power of Darktrace’s self-learning AI comes into play when threat-actors use off-the-shelf tooling, making detection more difficult.
Feb 21, 2020
Recently discovered Citrix vulnerability strengthens the case for Autonomous Response and its proven ability to prevent novel attacks.
Jan 27, 2020
Cyber AI is taking back the advantage over an ever-evolving adversary, saving time, money, resources, and – perhaps most critically – reputation.
Jan 15, 2020
Criminals are increasingly turning to more subtle forms of attacks that easily bypass legacy security tools.
Jan 8, 2020
By learning the online behavior of each unique user and device that it protects, Cyber AI can distinguish between “naughty” and “nice” domains in real time.
Dec 18, 2019
Darktrace Antigena’s surgical intervention affords security teams the time they need to investigate malicious behavior.
Dec 3, 2019
Addressing the ransomware epidemic once and for all requires unsupervised machine learning.
Nov 18, 2019
To achieve compliance in 2020, human teams need artificial intelligence to make sense of their dynamic digital estates.
Oct 31, 2019
Catching sophisticated, long-haul attacks requires AI-powered tools that learn what’s normal for each unique user and device.
Oct 2, 2019
By uniting email security with enterprise security, we can autonomously fight back against phishing attacks — even those we fall for hook, line, and sinker.
Sep 6, 2019
Black Hat demonstrated why, to safeguard the cities of tomorrow, we must go beyond looking for yesterday’s threats.
Aug 13, 2019
The path forward is to use artificial intelligence to understand how users behave within a company’s perimeter walls.
Aug 5, 2019
State-sponsored cyber-criminals are increasingly targeting energy grids, with the intention of causing outages that could bring victimized regions to a screeching halt.
Jul 31, 2019
During an extended trial in the network of a global company, Darktrace observed a Shamoon-powered cyber-attack.
Jul 10, 2019
Darktrace, creator of the first enterprise-grade autonomous response technology, leverages AI algorithms to stop malware in its tracks.
Jun 20, 2019
This guest-authored blog post examines how Cyberseer detected highly advanced red team activities with Darktrace’s Enterprise Immune System.
Jun 3, 2019
Spotting cyber hygiene issues caused by a lack of due diligence requires AI tools that alert on critical changes to network activity in real time.
May 29, 2019
Improving a company’s cyber hygiene is a continual responsibility, the nature of which perpetually changes as the business evolves.
May 15, 2019
The efficiencies promised by SaaS applications need not come at the cost of cyber security, since the latest AI cyber defenses shine a light on even the most nebulous traffic in the cloud.
Apr 23, 2019
If you build it, they will come: Cyber-criminals are exploiting Latin America’s new digital economy
In light of Latin America’s rapid digitalization and increasingly lucrative virtual assets, existing security vulnerabilities that were not significant several years or even months ago are now being exploited by cyber-criminals.
Apr 17, 2019
Keith Siepel, IT Manager at Hydrotech, Inc., examines an advanced cyber-threat discovered by Darktrace on a customer’s network.
Mar 26, 2019
The cyber AI approach successfully detected the Ursnif infections even though the new variant of this malware was unknown to security vendors at the time.
Mar 21, 2019
This guest-authored blog post examines an advanced cyber-threat discovered by Expel, using Darktrace, on a customer’s network.
Mar 12, 2019
Universities should embrace cyber AI to protect valuable research and IP, without impacting on the interconnectivity that we’ve come to expect on campus.
Mar 8, 2019
Security Operations teams face two fundamental challenges when it comes to 'finding bad': visibility and recognition.
Mar 5, 2019
By empowering security teams to respond before attackers can plunder a network’s entire cache of passwords, AI cyber defenses are thwarting Mimikatz and its copycats alike.
Feb 15, 2019
In the second installment of a two-part series, Darktrace’s Max Heinemeyer analyzes the rise of deceptive attacks and insider threats that Darktrace AI detected in 2018.
Feb 8, 2019
Keith Siepel, IT Manager at Hydrotech, Inc., examines an advanced cyber-threat discovered by Darktrace on a customer’s network.
Feb 4, 2019
In the first installment of a two-part series, Darktrace’s Max Heinemeyer reviews the IoT, Cloud, and SaaS trends of last year and forecasts what he expects to see in 2019.
Jan 28, 2019
In 2018, Darktrace detected a 239% year-on-year uptick in incidents related specifically to banking trojans.
Jan 10, 2019
The latest escalation in the cyber arms race sees attackers choosing stealth over speed and cunning over chaos.
Dec 3, 2018
The retail industry must be willing to adapt its cyber defenses against an ever-evolving adversary, or it may end Black Friday firmly in the red.
Nov 22, 2018
Since July 2018, Darktrace has identified an increasing number of cyber-attacks targeting law firms.
Oct 25, 2018
Our AI is actively defending ports across the world – such as Harwich Haven Authority and Belfast Harbour.
Oct 4, 2018
As threat actors are continually employing novel methods to compromise a network, a growing number of healthcare companies are now having to play catch-up in a fast-evolving threat landscape.
Aug 20, 2018
Already over 500 Darktrace customers use Darktrace Cloud to defend cloud environments and SaaS applications.
Jul 16, 2018
Darktrace’s AI algorithms autonomously detect which JA3s are anomalous for the network as a whole, and which JA3s are unusual for specific devices.
Jun 22, 2018
This article discusses some of the most common infection vectors and how the Darktrace Enterprise Immune System can assist security teams in catching ransomware threats.
May 9, 2018
Darktrace regularly detects crypto-mining attempts the moment they occur on a network.
Apr 16, 2018
Last month Darktrace identified an advanced malware infection on a customer’s device, which used a sophisticated Command & Control (C2) channel to communicate with the attacker.
Mar 7, 2018
Darktrace can pinpoint the changes in behavior effected by cryptocurrency miners without having to rely on any blacklists or signatures.
Feb 13, 2018
The algorithms made famous by Conficker almost a decade ago are continuing to frustrate the security community.
Feb 2, 2018
The TRITON malware attack reinforces the need for OT cyber security to begin well beyond the core control system network.
Jan 22, 2018
Darktrace helps security operations centre (SOC) teams become more efficient by drastically cutting down the time needed to investigate incidents.
Dec 8, 2017
Darktrace recently detected two rogue devices on the network of a major healthcare provider. They were brought onto the network by a trusted employee.
Nov 27, 2017
Earlier this year, Darktrace detected a new botnet engaged in a large-scale reflection and amplification attack targeting organizations around the world, including several governmental bodies.
Oct 30, 2017
This blog post describes the currently circulating ransomware called BadRabbit and how Darktrace’s machine learning technology detects it.
Oct 25, 2017
Over the last few weeks, Darktrace has confidently identified traces of the resurgence of a stealthy attack targeting Latin American companies.
Oct 12, 2017
AI detects new Feodo banking Trojan on a government network
Oct 2, 2017
From customer data breaches to lost IP – subtle cloud vulnerabilities can have devastating consequences.
Sep 18, 2017
Darktrace used machine learning to cut through the smokescreen of a self-modifying cyber-attack
Jul 31, 2017
The ‘ransomware’ attack sweeping the globe is yet another demonstration of the decreasing usefulness of the traditional cyber defense approaches.
Jun 29, 2017
Insider threats consistently bypass legacy tools. Learn how Darktrace’s AI stopped an insider from stealing valuable IP.
Jun 21, 2017
With Darktrace, these kinds of infections are not hard to detect. WannaCry and other ransomware cause highly anomalous behavioral patterns that our machine-learning technology is ideally placed to recognize.
May 17, 2017
A live threat scenario: Darktrace detects and responds to a ransomware attack in seconds.
May 8, 2017
Ransomware is evolving. The newest strain packages a company’s data and threatens to release it to the public.
Apr 5, 2017
Disgruntled employees may be in the minority, but their potential to do serious damage can’t be ignored.
Mar 6, 2017
A new threat type called ‘ambient surveillance’ is on the rise.
Feb 13, 2017
Last year, hackers made off with $951 million from the Bank of Bangladesh. The record-breaking cyber-heist was no anomaly. It was just one in a series of sophisticated cyber-attacks targeting the financial sector. In 2014, criminals stole account information from 83 million JP Morgan customers. And again last year, a single Russian bank suffered 69 separate DDoS attacks. Cyber-attacks against the financial sector are relentless.
Jan 30, 2017
Imagine a piece of malware hidden on your boss’ computer. It watches her every move, quietly listening; learning. It sifts through her emails, calendar, and messages. In the process, it doesn’t just learn her writing style. It learns the unique way she interacts with everyone in her life.
Jan 9, 2017
2016 has seen an unprecedented wave of cyber-attacks. What will the attacks of the future look like?
Dec 16, 2016
If amateurs can use the Internet of Things to wreak havoc, how will more sophisticated attackers proceed?
Dec 5, 2016
Every year, on the first Monday after Thanksgiving, two things happen. First, online retailers slash prices and the internet goes on its annual shopping spree. And second, criminals swarm on unwitting businesses, launching large-scale hacks and clever scams.
Nov 18, 2016
The 2016 U.S. election is roiled by fears over election tampering and cyber-warfare. While such anxiety threatens to undermine confidence in the results, the up-side is that for the first time since 2000, the election is generating thoughtful discussion on the intersection of cyber-security and voting.
Nov 4, 2016
Large-scale hacks dominate the news, but what do these attacks look like while they’re still developing? Our threat analysts and ‘immune system’ technology caught these six real-world attacks, giving you a rare glimpse into the world of early-stage cyber-attacks.
Oct 24, 2016
Earlier this month, cyber-criminals broke into the systems of a water treatment facility in Florida and altered the chemical levels of the water supply. This incident serves as a reminder that attacks in the digital space are having an increasing impact on the physical world.