See how AI can assist human security teams and think logically to manage cyber incidents efficiently in situations where variables are fast-moving. Read more!
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Hanah Darley
Director of Threat Research
Share
19
Sep 2023
Within cyber security, crises are a regular occurrence. Whether due to the ever-changing tactics of threat actors or the emergence of new vulnerabilities, security teams find themselves under significant pressure and frequently find themselves in what psychologists term "crisis states."1
A crisis state refers to an internal state marked by confusion and anxiety to such an extent that previously effective coping mechanisms give way to ineffective decision-making and behaviors.2
Given the prevalence of crises in the field of cyber security, practitioners are more prone to consistently making illogical choices due to the intense pressure they experience. They also grapple with a constant influx of rapidly changing information, the need for swift decision-making, and the severe consequences of errors in judgment. They are often asked to assess hundreds of variables and uncertain factors.
The frequency of crisis states is expected to rise as generative AI empowers cyber criminals to accelerate the speed, scale, and sophistication of their attacks.
Why is it so challenging to operate effectively and efficiently during a crisis state? Several factors come into play.
Firstly, individuals are inclined to rely on their instincts, rendering them susceptible to cognitive biases. This makes it increasingly difficult to assimilate new information, process it appropriately, and arrive at logical decisions. Since crises strike unexpectedly and escalate rapidly into new unknowns, responders experience heightened stress, doubt and insecurity when deciding on a course of action.
These cognitive biases manifest in various forms. For instance, confirmation bias prompts people to seek out information that aligns with their pre-existing beliefs, while hindsight bias makes past events seem more predictable in light of present context and information.
Crises also have a profound impact on information processing and decision-making. People tend to simplify new information and often cling to the initial information they receive rather than opting for the most rational decision.
For instance, if an organization has successfully thwarted a ransomware attack in the past, a defender might assume that employing the same countermeasures will suffice for a subsequent attack. However, ransomware tactics are constantly evolving, and a subsequent attack could employ different strategies that evade the previous defenses. In a crisis state, individuals may revert to their prior strategy instead of adapting based on the latest information.
Given there are deeply embedded psychological tendencies and hard-wired decision-making processes leading to a reduction in logic during a crisis, humans need support from technology that does not suffer from the same limitations, particularly in the post-incident phase, where stress levels go into overdrive.
In the era of rapidly evolving novel attacks, security teams require a different approach: AI.
AI can serve as a valuable tool to augment human decision-making, from detection to incident response and mitigation. This is precisely why Darktrace introduced HEAL, which leverages self-learning AI to assist teams in increasing their cyber resilience and managing live incidents, helping to alleviate the cognitive burden they face.
Darktrace HEAL™ learns from your environment, including data points from real incidents and generates simulations to identify the most effective approach for remediation and restoring normal operations. This reduces the overwhelming influx of information and facilitates more effective decision-making during critical moments.
Furthermore, HEAL offers security teams the opportunity to safely simulate realistic attacks within their own environment. Using specific data points from the native environment, simulated incidents prepare security teams for a variety of circumstances which can be reviewed on a regular basis to encourage effective habit forming and reduce cognitive biases from a one-size-fits-all approach. This allows them to anticipate how attacks might unfold and better prepare themselves psychologically for potential real-world incidents.
With the right models and data, AI can significantly mitigate human bias by providing remediation recommendations grounded in evidence and providing proportionate responses based on empirical evidence rather than personal interpretations or instincts. It can act as a guiding light through the chaos of an attack, providing essential support to human security teams.
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Securing Generative AI: Managing Risk in Amazon Bedrock with Darktrace / CLOUD
Security risks and challenges of generative AI in the enterprise
Generative AI and managed foundation model platforms like Amazon Bedrock are transforming how organizations build and deploy intelligent applications. From chatbots to summarization tools, Bedrock enables rapid agent development by connecting foundation models to enterprise data and services. But with this flexibility comes a new set of security challenges, especially around visibility, access control, and unintended data exposure.
As organizations move quickly to operationalize generative AI, traditional security controls are struggling to keep up. Bedrock’s multi-layered architecture, spanning agents, models, guardrails, and underlying AWS services, creates new blind spots that standard posture management tools weren’t designed to handle. Visibility gaps make it difficult to know which datasets agents can access, or how model outputs might expose sensitive information. Meanwhile, developers often move faster than security teams can review IAM permissions or validate guardrails, leading to misconfigurations that expand risk. In shared-responsibility environments like AWS, this complexity can blur the lines of ownership, making it critical for security teams to have continuous, automated insight into how AI systems interact with enterprise data.
Darktrace / CLOUD provides comprehensive visibility and posture management for Bedrock environments, automatically detecting and proactively scanning agents and knowledge bases, helping teams secure their AI infrastructure without slowing down expansion and innovation.
A real-world scenario: When access goes too far
Consider a scenario where an organization deploys a Bedrock agent to help internal staff quickly answer business questions using company knowledge. The agent was connected to a knowledge base pointing at documents stored in Amazon S3 and given access to internal services via APIs.
To get the system running quickly, developers assigned the agent a broad execution role. This role granted access to multiple S3 buckets, including one containing sensitive customer records. The over-permissioning wasn’t malicious; it stemmed from the complexity of IAM policy creation and the difficulty of identifying which buckets held sensitive data.
The team assumed the agent would only use the intended documents. However, they did not fully consider how employees might interact with the agent or how it might act on the data it processed.
When an employee asked a routine question about quarterly customer activity, the agent surfaced insights that included regulated data, revealing it to someone without the appropriate access.
This wasn’t a case of prompt injection or model manipulation. The agent simply followed instructions and used the resources it was allowed to access. The exposure was valid under IAM policy, but entirely unintended.
How Darktrace / CLOUD prevents these risks
Darktrace / CLOUD helps organizations avoid scenarios like unintended data exposure by providing layered visibility and intelligent analysis across Bedrock and SageMaker environments. Here’s how each capability works in practice:
Configuration-level visibility
Bedrock deployments often involve multiple components: agents, guardrails, and foundation models, each with its own configuration. Darktrace / CLOUD indexes these configurations so teams can:
Inspect deployed agents and confirm they are connected only to approved data sources.
Track evaluation job setups and their links to Amazon S3 datasets, uncovering hidden data flows that could expose sensitive information.
Maintain full awareness of all AI components, reducing the chance of overlooked assets introducing risk.
By unifying configuration data across Bedrock, SageMaker, and other AWS services, Darktrace / CLOUD provides a single source of truth for AI asset visibility. Teams can instantly see how each component is configured and whether it aligns with corporate security policies. This eliminates guesswork, accelerates audits, and helps prevent misaligned settings from creating data exposure risks.
Figure 1: Agents for bedrock relationship views
Architectural awareness
Complex AI environments can make it difficult to understand how components interact. Darktrace / CLOUD generates real-time architectural diagrams that:
Visualize relationships between agents, models, and datasets.
Highlight unintended data access paths or risk propagation across interconnected services.
This clarity helps security teams spot vulnerabilities before they lead to exposure. By surfacing these relationships dynamically, Darktrace / CLOUD enables proactive risk management, helping teams identify architectural drift, redundant data connections, or unmonitored agents before attackers or accidental misuse can exploit them. This reduces investigation time and strengthens compliance confidence across AI workloads.
Figure 2: Full Bedrock agent architecture including lambda and IAM permission mapping
Access & privilege analysis
IAM permissions apply to every AWS service, including Bedrock. When Bedrock agents assume IAM roles that were broadly defined for other workloads, they often inherit excessive privileges. Without strict least-privilege controls, the agent may have access to far more data and services than required, creating avoidable security exposure. Darktrace / CLOUD:
Reviews execution roles and user permissions to identify excessive privileges.
Flags anomalies that could enable privilege escalation or unauthorized API actions.
This ensures agents operate within the principle of least privilege, reducing attack surface. Beyond flagging risky roles, Darktrace / CLOUD continuously learns normal patterns of access to identify when permissions are abused or expanded in real time. Security teams gain context into why an action is anomalous and how it could affect connected assets, allowing them to take targeted remediation steps that preserve productivity while minimizing exposure.
Misconfiguration detection
Misconfigurations are a leading cause of cloud security incidents. Darktrace / CLOUD automatically detects:
Publicly accessible S3 buckets that may contain sensitive training data.
Missing guardrails in Bedrock deployments, which can allow inappropriate or sensitive outputs.
Other issues such as lack of encryption, direct internet access, and root access to models.
By surfacing these risks early, teams can remediate before they become exploitable. Darktrace / CLOUD turns what would otherwise be manual reviews into automated, continuous checks, reducing time to discovery and preventing small oversights from escalating into full-scale incidents. This automated assurance allows organizations to innovate confidently while keeping their AI systems compliant and secure by design.
Figure 3: Configuration data for Anthropic foundation model
Behavioral anomaly detection
Even with correct configurations, behavior can signal emerging threats. Using AWS CloudTrail, Darktrace / CLOUD:
Monitors for unusual data access patterns, such as agents querying unexpected datasets.
Detects anomalous training job invocations that could indicate attempts to pollute models.
This real-time behavioral insight helps organizations respond quickly to suspicious activity. Because it learns the “normal” behavior of each Bedrock component over time, Darktrace / CLOUD can detect subtle shifts that indicate emerging risks, before formal indicators of compromise appear. The result is faster detection, reduced investigation effort, and continuous assurance that AI-driven workloads behave as intended.
Conclusion
Generative AI introduces transformative capabilities but also complex risks that evolve alongside innovation. The flexibility of services like Amazon Bedrock enables new efficiencies and insights, yet even legitimate use can inadvertently expose sensitive data or bypass security controls. As organizations embrace AI at scale, the ability to monitor and secure these environments holistically, without slowing development, is becoming essential.
By combining deep configuration visibility, architectural insight, privilege and behavior analysis, and real-time threat detection, Darktrace gives security teams continuous assurance across AI tools like Bedrock and SageMaker. Organizations can innovate with confidence, knowing their AI systems are governed by adaptive, intelligent protection.
Vo1d malware first appeared in the wild in September 2024 and has since evolved into one of the most widespread Android botnets ever observed. This large-scale Android malware primarily targets smart TVs and low-cost Android TV boxes. Initially, Vo1d was identified as a malicious backdoor capable of installing additional third-party software [1]. Its functionality soon expanded beyond the initial infection to include deploying further malicious payloads, running proxy services, and conducting ad fraud operations. By early 2025, it was estimated that Vo1d had infected 1.3 to 1.6 million devices worldwide [2].
From a technical perspective, Vo1d embeds components into system storage to enable itself to download and execute new modules at any time. External researchers further discovered that Vo1d uses Domain Generation Algorithms (DGAs) to create new command-and-control (C2) domains, ensuring that regardless of existing servers being taken down, the malware can quickly reconnect to new ones. Previous published analysis identified dozens of C2 domains and hundreds of DGA seeds, along with new downloader families. Over time, Vo1d has grown increasingly sophisticated with clear signs of stronger obfuscation and encryption methods designed to evade detection [2].
Darktrace’s coverage
Earlier this year, Darktrace observed a surge in Vo1d-related activity across customer environments, with the majority of affected customers based in South Africa. Devices that had been quietly operating as expected began exhibiting unusual network behavior, including excessive DNS lookups. Open-source intelligence (OSINT) has long highlighted South Africa as one of the countries most impacted by Vo1d infections [2].
What makes the recent activity particularly interesting is that the surge observed by Darktrace appears to be concentrated specifically in South African environments. This localized spike suggests that a significant number of devices may have been compromised, potentially due to vulnerable software, outdated firmware, or even preloaded malware. Regions with high prevalence of low-cost, often unpatched devices are especially susceptible, as these everyday consumer electronics can be quietly recruited into the botnet’s network. This specifically appears to be the case with South Africa, where public reporting has documented widespread use of low-cost boxes, such as non-Google-certified Android TV sticks, that frequently ship with outdated firmware [3].
The initial triage highlighted the core mechanism Vo1d uses to remain resilient: its use of DGA. A DGA deterministically creates a large list of pseudo-random domain names on a predictable schedule. This enables the malware to compute hundreds of candidate domains using the same algorithm, instead of using a hard-coded single C2 hostname that defenders could easily block or take down. To ensure reproducible from the infected device’s perspective, Vo1d utilizes DGA seeds. These seeds might be a static string, a numeric value, or a combination of underlying techniques that enable infected devices to generate the same list of candidate domains for a time window, provided the same DGA code, seed, and date are used.
Interestingly, Vo1d’s DGA seeds do not appear to be entirely unpredictable, and the generated domains lack fully random-looking endings. As observed in Figure 1, there is a clear pattern in the names generated. In this case, researchers identified that while the first five characters would change to create the desired list of domain names, the trailing portion remained consistent as part of the seed: 60b33d7929a, which OSINT sources have linked to the Vo1d botnet. [2]. Darktrace’s Threat Research team also identified a potential second DGA seed, with devices in some cases also engaging in activity involving hostnames matching the regular expression /[a-z]{5}fc975904fc9\.(com|top|net). This second seed has not been reported by any OSINT vendors at the time of writing.
Another recurring characteristic observed across multiple cases was the choice of top-level domains (TLDs), which included .com, .net, and .top.
Figure 1: Advanced Search results showing DNS lookups, providing a glimpse on the DGA seed utilized.
The activity was detected by multiple models in Darktrace / NETWORK™, which triggered on devices making an unusually large volume of DNS requests for domains uncommon across the network.
During the network investigation, Darktrace analysts traced Vo1d’s infrastructure and uncovered an interesting pattern related to responder ASNs. A significant number of connections pointed to AS16509 (AMAZON-02). By hosting redirectors or C2 nodes inside major cloud environments, Vo1d is able to gain access to highly available and geographically diverse infrastructure. When one node is taken down or reported, operators can quickly enable a new node under a different IP within the same ASN. Another feature of cloud infrastructure that hardens Vo1d’s resilience is the fact that many organizations allow outbound connections to cloud IP ranges by default, assuming they are legitimate. Despite this, Darktrace was able to identify the rarity of these endpoints, identifying the unusualness of the activity.
Analysts further observed that once a generated domain successfully resolved, infected devices consistently began establishing outbound connections to ephemeral port ranges like TCP ports 55520 and 55521. These destination ports are atypical for standard web or DNS traffic. Even though the choice of high-numbered ports appears random, it is likely far from not accidental. Commonly used ports such as port 80 (HTTP) or 443 (HTTPS) are often subject to more scrutiny and deeper inspection or content filtering, making them riskier for attackers. On the other hand, unregistered ports like 55520 and 55521 are less likely to be blocked, providing a more covert channel that blends with outbound TCP traffic. This tactic helps evade firewall rules that focus on common service ports. Regardless, Darktrace was able to identify external connections on uncommon ports to locations that the network does not normally visit.
The continuation of the described activity was identified by Darktrace’s Cyber AI Analyst, which correlated individual events into a broader interconnected incident. It began with the multiple DNS requests for the algorithmically generated domains, followed by repeated connections to rare endpoints later confirmed as attacker-controlled infrastructure. Cyber AI Analyst’s investigation further enabled it to categorize the events as part of the “established foothold” phase of the attack.
Figure 2: Cyber AI Analyst incident illustrating the transition from DNS requests for DGA domains to connections with resolved attacker-controlled infrastructure.
Conclusion
The observations highlighted in this blog highlight the precision and scale of Vo1d’s operations, ranging from its DGA-generated domains to its covert use of high-numbered ports. The surge in affected South African environments illustrate how regions with many low-cost, often unpatched devices can become major hubs for botnet activity. This serves as a reminder that even everyday consumer electronics can play a role in cybercrime, emphasizing the need for vigilance and proactive security measures.
Credit to Christina Kreza (Cyber Analyst & Team Lead) and Eugene Chua (Principal Cyber Analyst & Team Lead)
Edited by Ryan Traill (Analyst Content Lead)
Appendices
Darktrace Model Detections
Anomalous Connection / Devices Beaconing to New Rare IP
Anomalous Connection / Multiple Connections to New External TCP Port
Anomalous Connection / Multiple Failed Connections to Rare Endpoint
Compromise / DGA Beacon
Compromise / Domain Fluxing
Compromise / Fast Beaconing to DGA
Unusual Activity / Unusual External Activity
List of Indicators of Compromise (IoCs)
3.132.75[.]97 – IP address – Likely Vo1d C2 infrastructure
The content provided in this blog is published by Darktrace for general informational purposes only and reflects our understanding of cybersecurity topics, trends, incidents, and developments at the time of publication. While we strive to ensure accuracy and relevance, the information is provided “as is” without any representations or warranties, express or implied. Darktrace makes no guarantees regarding the completeness, accuracy, reliability, or timeliness of any information presented and expressly disclaims all warranties.
Nothing in this blog constitutes legal, technical, or professional advice, and readers should consult qualified professionals before acting on any information contained herein. Any references to third-party organizations, technologies, threat actors, or incidents are for informational purposes only and do not imply affiliation, endorsement, or recommendation.
Darktrace, its affiliates, employees, or agents shall not be held liable for any loss, damage, or harm arising from the use of or reliance on the information in this blog.
The cybersecurity landscape evolves rapidly, and blog content may become outdated or superseded. We reserve the right to update, modify, or remove any content.
