Press Release

April 14, 2023 11:42 AM

Updated statement regarding LockBit claims

Mike Beck, Chief Information Security Officer, Darktrace

We have completed a thorough security investigation following yesterday’s tweets by LockBit claiming they had compromised Darktrace’s internal systems. We can confirm that there has been no compromise of our systems or any of our affiliate systems. Our service to our customers remains uninterrupted and is operating as normal and no further action is required.

Press Release

April 13, 2023 9:30 AM

Statement regarding LockBit claims

Earlier this morning we became aware of tweets from LockBit, the cyber-criminal gang, claiming that they had compromised Darktrace’s internal security systems and had accessed our data. Our security teams have run a full review of our internal systems and can see no evidence of compromise. None of the LockBit social media posts link to any compromised Darktrace data. We will continue to monitor the situation extremely closely, but based on our current investigations we are confident that our systems remain secure and all customer data is fully protected.

Press Release

Darktrace Publishes 2022 Cyber-Attack Trend Data for Energy, Healthcare & Retail Sectors Globally

Cambridge, UK
January 12, 2023

Key trends  

·     Spike in Crypto-Mining Attacks Targeting Energy Providers

·     Surge in Credential Theft Affecting Retailers

·     Increase in Data Exfiltration Attacks on Healthcare Providers 

Darktrace, a global leader in cyber security artificial intelligence, today released three new cyber-threat trend reports revealing 2022 attack data observed across its global customer fleet.[1] The industry reports pertain to the energy, healthcare, and retail sectors respectively.

“These industry-specific reports are the first of their kind released by Darktrace, representing an important effort to surface the data underpinning the rapidly evolving threat landscape that we are defending against,” commented Toby Lewis, Global Head of Threat Analysis, Darktrace.
“The trends reveal crucial sector-specific challenges, from the tendency for hackers to siphon off the energy sector’s resources in the form of crypto-jacking, through to the invaluable nature of patient data which leads to data exfiltration in the healthcare sector,” commented Lewis. “The surge in credential-based attacks across the retail sector reflects the fact that identity theft will be a key trend for 2023, increasing the need for AI-based behavioral analytics for understanding employee actions in rich context and authenticating the actions taken using certain credentials.”

Energy Sector: Key Findings

Against the backdrop of a global energy crisis, Darktrace’s energy sector report reveals that illegal crypto-mining threats, whereby bad actors steal energy and processing power from other devices and networks, are on the rise across the industry. Notable findings include:

·       High-priority crypto-mining accounted for 13 times more of all observed cyber incidents in the UK energy sector in 2022 compared to 2021

·       High-priority crypto-mining accounted for 3 times more of all observed cyber incidents in the US energy sector in 2022 compared to 2021

The report details two real-world crypto-mining threat finds, one at a European energy organization and one at a US energy organization, both of which were stopped by Darktrace’s AI technology. In the former case, attackers were caught attempting to mass pool crypto-mining capabilities using 5 internal servers at the organization.

Retail Sector: Key Findings

As online shopping remains popular, Darktrace’s retail sector report reveals that over the course of 2022, criminals increasingly turned toward credential theft, spoofing and stuffing to target this multi-billion-dollar industry’s online infrastructure. Notably:

·       Credential theft, spoofing and stuffing accounted for over 170% more of all observed cyber incidents in the US retail sector in 2022 compared to 2021

·       Credential theft, spoofing and stuffing accounted for over 14% more of all observed cyber incidents in the UK retail sector in 2022 compared to 2021

·       Credential theft, spoofing and stuffing accounted for over 70% more of all observed cyber incidents in the Australian retail sector in 2022 compared to 2021

One threat find in the report from August 2022 details the discovery of a never-before-seen attack tool lying dormant inside a well-known UK automotive retailer. Months before Darktrace had been adopted by the retailer, one of its devices had become infected with novel malware that lay dormant, establishing a foothold and waiting for the right time to launch an attack. After deployment, Darktrace AI caught the malware when it made multiple authentication attempts using spoofed credentials for one of the organization’s security managers. If successful, the attack could have undermined the organization’s entire security posture, allowing malicious software to gain control of the company’s infrastructure from within.

Healthcare Sector: Key Findings

Often viewed as a ‘soft target’ for cyber-criminals, hospitals and other healthcare organizations are extremely rich data sources from which attackers can make a profit by selling patient information such as medical records, credit cards or banking details. Darktrace’s healthcare sector report notably revealed:

·       Data exfiltration was one of the top 3 observed threats faced by healthcare providers globally, with organizations in the UK and Australia suffering an increased volume in 2022

·       The most common attack type observed across healthcare globally in 2022 was suspicious network scanning, a form of intelligence gathering which often constitutes the initial phase of a cyber-attack

The report details a real-world sophisticated threat faced by a US healthcare provider in which a malicious PowerShell script was discovered to be deployed on one of the organization’s internal servers, an attempt to give bad actors remote control over the target network. The threat was autonomously thwarted by Darktrace’s RESPOND™ technology before attackers could do harm.


[1] The data pertains to the period January-October 2022 and is compared with the same period in 2021.

About Darktrace

Darktrace (DARK.L), a global leader in cyber security artificial intelligence, delivers complete AI-powered solutions in its mission to free the world of cyber disruption. Breakthrough innovations from the Darktrace Cyber AI Research Centre in Cambridge, UK and its R&D centre in The Hague, The Netherlands have resulted in over 125 patent applications filed and significant research published to contribute to the cyber security community. Darktrace’s technology continuously learns and updates its knowledge of 'you' for an organization and applies that understanding to achieve an optimal state of cyber security. It is delivering the first ever Cyber AI Loop, fuelling a continuous end-to-end security capability that can autonomously prevent, detect, and respond to novel, in-progress threats in real time. Darktrace employs over 2,200 people around the world and protects over 8,100 organizations globally from advanced cyber-threats. It was named one of TIME magazine’s ‘Most Influential Companies’ in 2021.
