This blog explores how Darktrace/OT aligns with FERC Order 887 requirements. Darktrace employs anomaly-based detection to uncover insider threats and supply chain attacks within CIP networked environments, all without relying on external connectivity.

The emergence of Lumma Stealer, an information stealer that has recently been observed across the Darktrace fleet. Learn more about this new threat!

At Darktrace, we saw that AI could address an existential threat – defending people, businesses and nations from a world of constantly evolving threats. This threat is only poised to grow as AI is increasingly used by attackers. That’s why we became one of the first to apply AI to cyber security and built a completely AI native technology platform aimed at freeing the world of cyber disruption.

By using HEAL, teams can test their incident response plans in realistic scenarios and identify gaps in their security tools or processes to improve their overall cyber resilience.

In mid-April 2023, Darktrace observed two related clusters of attack chains across its customer base. Further investigation revealed these clusters of activity to be related to exploitation of a critical vulnerability in the print management system, PaperCut. This blog details the observed attack chains, and Darktrace’s coverage of the steps involved in them.

This blog details how Darktrace leveraged its anomaly-based detection to successfully identify an ongoing ransomware attack on the network of a customer, as well as the activity that preceded it.

This blog summarizes key themes that emerged from Black Hat USA 2023, including AI developments, integrations, and the human side of cyber security.

This blog details a malicious actor’s attempt to abuse a customer’s administrative credentials in order to further their compromise on the network. Thanks to its anomaly-based approach to threat detection, Darktrace was the only solution in the customer’s stack to identify and contain the attack.

Explore how Darktrace addresses the challenge of vulnerability prioritization through the context gained from a deep understanding of the bespoke organization.

When it comes to responding to an incident, bad timing wastes resources. And traditional incident response strategies make it very hard to get the timing right. With Darktrace HEAL, organizations can now identify and address critical events faster and more efficiently to save security teams time, money, and effort.

This blog discusses how Darktrace successfully identified a novel attack technique used by the Syssphinx threat group while deploying ransomware on a customer network.

With the help of generative AI tools, the barrier to entry is lowered for cyber criminals to create many hyper-realistic emails with minimal errors, which are less likely to contain the low-sophistication markers of a typical phishing attack. This blog outlines how Darktrace/Email used its understanding of ‘normal’ to accurately detect and respond to a sustained phishing campaign targeting a real-life company.

This blog discusses how insider threats pose a security risk specifically to OT systems, what the challenges are dealing with insider threats, and potential solutions for mitigating insider threats.

Discover the emerging trend of malicious actors abusing the Interplanetary File System (IPFS) file storage protocol in phishing campaigns. Learn more here!

This blog details how Darktrace detected a case of Business Email Compromise (BEC) on a customer network. Darktrace’s SOC was able to alert the customer to the ongoing compromise within their SaaS environment, thwarting the attack in its tracks.

This Darktrace long read investigates how psychological research into the nature of trust relates to our relationship with technology. Because the brain is wired to implicitly trust the devices it uses everyday, humans cannot be relied upon to identify anomalies such as phishing emails. Email security driven by machine augmentation, such as AI anomaly detection, is the clearest solution to tackle that challenge.

This blog takes a renewed look at the latest campaign activity linked with the notorious Outlaw crypto-mining operation. It discusses Darktrace’s investigation into recent cases of Outlaw, detailing the re-appearance of previously observed tactics, while also discussing the emergence of new ones.

In March 2023, Darktrace observed a Vendor Email Compromise (VEC) attack against a Darktrace customer. This blog provides details of this VEC attack, along with details of how Darktrace/Email autonomously detected and responded to it.

This blog explores Darktrace’s successful detection of a recent phishing campaign against a tech customer, which employed a relatively novel technique – QR Code exploitation. Thanks to Darktrace/Email the attack was thwarted in the first instance.

This blog discusses Darktrace Threat Research team’s investigation into CryptBot info-stealer infections detected across the customer base between late 2022 and early 2023, and how Darktrace DETECT and RESPOND were able to identify and stop infections within seconds.

This blog discusses how Darktrace detected examples of the 3CX supply chain compromise, the first known cascading supply chain compromise. Leveraging integrations with security vendors like CrowdStrike and SentinelOne, Darktrace was able to successfully identify and prevent multiple cases of the 3CX supply chain compromise across its customer base.

This blog describes how Darktrace DETECT and RESPOND can help organizations reduce privacy and security risks related to generative AI.

Over the past few months, Darktrace has observed several cases of malicious actors registering an application called ‘PerfectData Software’ during hijackings of Microsoft 365 accounts. In this blog, we will provide details of these account hijackings, along with details of Darktrace’s coverage.

Darktrace now integrates with Amazon Security Lake to augment the value security teams get from both products, streamlining analyst workflows and improving their ability to detect and respond to the full spectrum of known and unknown cyber-threats.

This blog investigates a new strain of ransomware, Hive, a ransomware-as-a-service. Darktrace was able to provide full visibility over the attacks.