Press Release
Updated statement regarding LockBit claims
We have completed a thorough security investigation following yesterday’s tweets by LockBit claiming they had compromised Darktrace’s internal systems. We can confirm that there has been no compromise of our systems or any of our affiliate systems. Our service to our customers remains uninterrupted and is operating as normal, and no further action is required.
Press Release
Statement regarding LockBit claims
Earlier this morning we became aware of tweets from LockBit, the cyber-criminal gang, claiming that they had compromised Darktrace’s internal security systems and had accessed our data. Our security teams have run a full review of our internal systems and can see no evidence of compromise. None of the LockBit social media posts link to any compromised Darktrace data. We will continue to monitor the situation extremely closely, but based on our current investigations we are confident that our systems remain secure and all customer data is fully protected.
Press Release
Darktrace AI Stops Cyber-Attack Exploiting Log4j Vulnerability at Global Financial Services Provider
Darktrace, a global leader in cyber security AI, today announced that a global provider of financial services recently detected and stopped an attacker attempting to leverage a vulnerability in Log4j to deploy malicious code across the organization.
The company, which has total assets of over $5 billion and operates across several continents, uses Darktrace’s Self-Learning AI to detect and respond to cyber-threats at machine speed across the digital estate. By constantly evolving its understanding of the company’s ‘normal’ operations, the AI is able to spot the subtle signs of emerging threats and autonomously interrupt in-progress attacks.
In early March, Darktrace’s AI detected that a Virtual Desktop Infrastructure (VDI) server at the company was behaving unusually, downloading a shell script from a suspicious external endpoint. The attacker had exploited a Log4j vulnerability for initial access and was attempting to use the server to conduct network reconnaissance and perform lateral movement activity.
The attack prompted the organization to activate Darktrace’s Autonomous Response technology, Antigena, which was able to contain the threat in seconds without interrupting regular business activity on the VDI server. The company has now set Antigena to constant ‘Active Mode’, whereby the AI can independently and intelligently take action to interrupt emerging attacks.
Without the intervention of Darktrace AI, the attacker would have broadened their presence within the organization and would have been able to deploy ransomware or exfiltrate sensitive data.
“High impact vulnerabilities like Log4j allow cyber-attackers to compromise systems with little effort, and responding quickly is absolutely crucial,” said Max Heinemeyer, VP of Cyber Innovation at Darktrace. “Without complete visibility over the organization and a machine speed response using powerful technology like AI, security teams would be fighting a losing battle when it comes to these sophisticated attacks. In this instance, the AI contained the attack in the nick of time – ensuring that the company did not suffer financial or reputational damage.”
About Darktrace
Darktrace (DARK.L), a global leader in cyber security AI, delivers world-class technology that protects over 6,500 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. Darktrace’s fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the company has more than 1,700 employees and over 30 offices worldwide. Darktrace was named one of TIME magazine’s ‘Most Influential Companies’ for 2021.