Darktrace Blog Posts
Archive

This blog gives an overview of the proposed FAA regulations for safeguarding aviation systems and their cyber-physical networks. Read more to discover key points, challenges, and potential solutions for each use case.
Sep 4, 2024
In early May 2024, Fog ransomware was first observed in the wild, seemingly targeting US-based educational organizations. Read on to find out about Darktrace’s investigation into this novel ransomware threat.
Sep 6, 2024
In May 2024, a Darktrace customer was affected by KOK08, a ransomware strain commonly used by the Matrix ransomware family. Learn more about the tactics used in this ransomware case, including double extortion, and how Darktrace is able to detect and respond to such threats.
Aug 27, 2024
Network
As we enter the era of AI, both the way businesses operate and the landscape that they operate within are changing. To continue to support our customers, we’ve refocused our mission to be the essential cybersecurity platform using AI to proactively defend against novel and known threats.
Aug 27, 2024
Darktrace observed the rapid exploitation of a critical vulnerability in JetBrains TeamCity (CVE-2024-27198) shortly following its public disclosure. Learn how the need for speedy detection serves to protect against supply chain attacks.
Aug 21, 2024
Darktrace prevented a Critical National Infrastructure organization from falling victim to a SharePoint phishing attack originating from one of its trusted suppliers. This blog discusses common perceptions of zero-trust in email security, how AI that uses anomaly-based threat detection embodies core zero-trust principles, and the relevance of this approach to securing CNI bodies with complex but interdependent supply chains from Cloud account compromise.
Aug 7, 2024
Explore Darktrace's 2024 Half-Year Threat Report for insights on the latest cyber threats and trends observed in the first half of the year.
Aug 6, 2024
Safelink Smuggling is not necessarily a new phenomenon, but Darktrace analysts have seen a notable increase recently. Read this blog to learn how threat actors are deploying this technique in email attacks, how vendors can mitigate Safelink Smuggling attempts, and why defense-in-depth is the solution.
Aug 2, 2024
Email
As cloud adoption surges, the need for scalable, cloud-native security is paramount. This blog explores whether Cloud Detection and Response (CDR) is merely Network Detection and Response (NDR) tailored for the cloud, highlighting the unique challenges and essential solutions SOC teams require to secure dynamic cloud environments effectively.
Jul 31, 2024
Cloud
WarmCookie is a backdoor malware strain that allows threat actors to gather sensitive system information, facilitating further cyber attacks against their targets. Between April and June 2024, Darktrace’s Threat Research team investigated instances of WarmCookie on multiple customer networks. Read on to learn more about their findings and the tactics used by this threat.
Jul 26, 2024
Part 4: This blog explores the findings from Darktrace’s State of AI Cybersecurity Report on security professionals' understanding of the different types of AI used in security programs. Get the latest insights into the evolving challenges, growing demand for skilled professionals, and the need for integrated security solutions by downloading the full report.
Jul 24, 2024
Information stealers are a variant of malware designed to gather and exfiltrate sensitive information from targeted networks; this can include bank details, privileged user credentials and cryptocurrency wallet information. In late 2023, Darktrace’s Threat Research team investigated another strain on the rise, Jupyter.
Jul 18, 2024
In early 2024, the TA577 threat group was observed utilizing a new attack chain to steal NTLM authentication data. Targets received a phishing email containing a ZIP file attachment which facilitated connection to malicious infrastructure, with NTLM hashes ultimately gathered by attackers. Here we detail Darktrace’s detection of this activity across its customer base.
Jul 9, 2024
This blog examines the tactics, techniques and procedures associated with the notorious Ransomware-as-a-Service operator Qilin. Darktrace’s Threat Research team investigated several examples of Qilin actors targeting Darktrace customers between 2022 and 2024.
Jul 4, 2024
Darktrace continues to innovate with Microsoft in the shared mission to deliver proactive cyber protection tailored to every organization. Joint customers benefit from two distinct, complementary security approaches – combining large scale threat intelligence with enterprise-native security insights – to address the full range of email threats.
Jun 27, 2024
Email
Darktrace/Email detected a phishing attack that had originated from LinkedIn, where the attacker impersonated a well-known construction company to conduct a credential harvesting attack on the target. Darktrace’s ActiveAI Security Platform played a critical role in investigating the activity and initiating real-time responses that were outside the physical capability of human security teams.
Jun 25, 2024
Email
This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.
Jun 20, 2024
Vendors are scrambling to compare MTTD metrics laid out in the latest MITRE Engenuity ATT&CK® Evaluations. But this analysis is reductive, ignoring the fact that in cybersecurity, there are far more metrics that matter.
Jun 25, 2024
This blog investigates Medusa ransomware, a Ransomware-as-a-Service (RaaS) variant that is known to use living off the land techniques to infect target networks and move towards its ultimate goals, data encryption and exfiltration.
Jun 10, 2024
With complex digital and physical systems that are increasingly interconnected, the expanding attack surface calls for a unified security solution. Explore the challenges, risks, and potential solutions for organizations aiming to secure distribution centers from cyber threats.
Jun 12, 2024
This blog examines a network compromise that stemmed from the purchase of leaked credentials from the dark web. Credentials purchased from dark web marketplaces allow unauthorized access to internal systems. Such access can be used to exfiltrate data, disrupt operations, or deploy malware.
Jun 3, 2024
Many companies use third-party data management for efficiency, global access, collaboration, and reliability. Find out what those organizations need to know about addressing the security risks and best practices associated with third-party data management.
Jun 3, 2024
Ensuring trust, battling ransomware, and detecting novel attacks pose critical challenges in network security. This blog explores these challenges and shows how leveraging AI-driven security solutions helps security teams stay informed and effectively safeguard their network.
Jun 21, 2024
Network
This blog delves into Darktrace’s investigation into the exploitation of the Citrix Bleed vulnerability on the network of a customer in late 2023. Darktrace’s Self-Learning AI ensured the customer was well equipped to track the post-compromise activity and identify affected devices.
May 28, 2024
Network
In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted new rules concerning cybersecurity incidents and disclosures. This blog describes the new rules and demonstrates how Darktrace can help organizations achieve compliance with these standards.
Jul 17, 2024