Press Release

April 14, 2023 11:42 AM

Updated statement regarding LockBit claims

Mike Beck, Chief Information Security Officer, Darktrace

We have completed a thorough security investigation following yesterday’s tweets by LockBit claiming they had compromised Darktrace’s internal systems. We can confirm that there has been no compromise of our systems or any of our affiliate systems. Our service to our customers remains uninterrupted and is operating as normal and no further action is required.

Press Release

April 13, 2023 9:30 AM

Statement regarding LockBit claims

Earlier this morning we became aware of tweets from LockBit, the cyber-criminal gang, claiming that they had compromised Darktrace’s internal security systems and had accessed our data. Our security teams have run a full review of our internal systems and can see no evidence of compromise. None of the LockBit social media posts link to any compromised Darktrace data. We will continue to monitor the situation extremely closely, but based on our current investigations we are confident that our systems remain secure and all customer data is fully protected.

Press Release

Major Upgrade to Darktrace/Email™ Product Defends Organizations Against Evolving Cyber Threat Landscape, Including Generative AI Business Email Compromises and Novel Social Engineering Attacks

Cambridge, UK
April 3, 2023

  • Darktrace/Email already used by over 3,000 organizations worldwide
  • Darktrace/Email able to detect novel email attacks 13 days earlier on average than email security tools that are trained on knowledge of past threats
  • Darktrace research reveals 135% increase in ‘novel social engineering’ attacks in 2023 amidst widespread availability of ChatGPT

Darktrace, a global leader in cyber security AI, today announces availability of a major new upgrade to Darktrace/Email, its Gartner Peer Insights top-rated email offering that stops the most sophisticated email security risks through its unique understanding of you, rather than knowledge of past attacks. As part of the Darktrace Cyber AI Loop™, Darktrace/Email’s new capabilities include an AI-employee feedback loop, account takeover protection, insights from endpoint, network and cloud, and behavioral detections of misdirected emails. These capabilities enhance security and productivity for employees and security teams in organizations protected by Darktrace/Email. Darktrace/Email is already a leading technology in the industry and this upgrade builds on the success of the company’s previous email product which was initially launched in 2019 and is used by over 3,000 organizations globally [1].

As organizations continue to rely on email as their primary collaboration and communication tool, email security tools that rely on knowledge of past threats are failing to future-proof organizations and their people against evolving email threats. Darktrace analysis reveals that other email security solutions, including native, cloud and ‘static AI’ tools, take an average of 13 days from an attack being launched on a victim to that attack being detected, leaving defenders vulnerable for almost two weeks if they rely solely on these tools [2]. In contrast, Darktrace/Email is capable of detecting attacks as soon as they are launched because it is not trained on what ‘bad’ has historically looked like, but instead learns you, the normal patterns of life for each unique organization.

This deep understanding of you is critical against the increase in both novel, ‘never seen before’ email attacks and increasingly linguistically complex malicious communication. Darktrace researchers observed a 135% increase in ‘novel social engineering attacks’ across thousands of active Darktrace/Email customers from January to February 2023, corresponding with the widespread adoption of ChatGPT [3]. These novel social engineering attacks use sophisticated linguistic techniques, including increased text volume, punctuation, and sentence length. At the same time there has been a decline in malicious emails containing links or attachments. The trend suggests that generative AI, such as ChatGPT, is providing an avenue for threat actors to craft sophisticated and targeted attacks at speed and scale.

With this upgrade, Darktrace Cyber AI Analyst™ now combines anomalous email activity with other data sources including endpoint, network, cloud, apps and OT, automating investigations and incident reporting. The ability to combine and analyze data sources from different parts of the organization in the same system to mutually strengthen email and network security is a Darktrace patented technology [4]. Sophisticated cyber-attacks most often start in the inbox but frequently traverse into other areas such as the network; an example being multi-stage ransomware attacks. With greater context around its discoveries, Darktrace’s AI is capable of more informed decision making. The algorithms have a full picture of what ‘normal’ looks like for a user from multiple perspectives to produce high-fidelity conclusions that are contextualized and actionable, saving human security teams’ time.

Darktrace/Email’s new capabilities include:
  • Account takeover and email protection in a single product.
  • Behavioral detections of misdirected emails, preventing intellectual property or confidential information being sent to the wrong recipient.
  • Employee-AI loop that leverages insights from each individual employee to inform Darktrace’s AI and brings Darktrace’s explainable AI to employees to provide real-time, in-context insights and security awareness.
  • Intelligent mail management for improved productivity against graymail, spam, and newsletters that clutter inboxes.
  • Optimized workflows & integrations for security teams, including the Darktrace mobile app.
  • Automated investigations of email incidents with other coverage areas with Darktrace’s Cyber AI Analyst.

“The fact that Darktrace detects new email attacks instantly, 13 days before anybody else does, is a game changer. For CIOs hours are important but two weeks is the difference between protection and devastation,” commented Gregory Smith, author of ‘The New Normal in IT’, Professor at Georgetown University, and CIO/CTO.

“Darktrace’s AI is best in class because it is focused on one thing: our organization and our data, not an aggregate of thousands of organizations’ data in the cloud somewhere.”

“Email is the key vulnerability for businesses today. Defenders are up against sophisticated generative AI attacks and entirely novel scams that use techniques and reference topics that we have never seen before. In a world of increasing AI-powered attacks, we can no longer put the onus on humans to determine the veracity of communications they receive. This is now a job for artificial intelligence,” commented Max Heinemeyer, Chief Product Officer, Darktrace.

“Darktrace continues to lead the evolution of the cyber security industry through its unique approach that focuses not on past attacks, but on understanding the organization and how the people within it behave in order to stop novel social engineering attacks.”

  1. Darktrace/Email total customer count as of December 2022.
  2. 13 days mean average of phishing payloads active in the wild between the response of Darktrace/Email compared to the earliest of 16 independent feeds submitted by other email security technologies.
  3. Based on the average change in email attacks between January and February 2023 detected across Darktrace/Email deployments with control of outliers.
  4. 'Cyber Threat Defense System Protecting Email Networks with Machine Learning Models'

About Darktrace

Darktrace (DARK.L), a global leader in cyber security artificial intelligence, delivers complete AI-powered solutions in its mission to free the world of cyber disruption. Breakthrough innovations from the Darktrace Cyber AI Research Centre in Cambridge, UK and its R&D centre in The Hague, The Netherlands have resulted in over 125 patent applications filed and significant research published to contribute to the cyber security community. Darktrace’s technology continuously learns and updates its knowledge of 'you' for an organization and applies that understanding to achieve an optimal state of cyber security. It is delivering the first ever Cyber AI Loop, fuelling a continuous end-to-end security capability that can autonomously prevent, detect, and respond to novel, in-progress threats in real time. Darktrace employs over 2,200 people around the world and protects over 8,100 organizations globally from advanced cyber-threats. It was named one of TIME magazine’s ‘Most Influential Companies’ in 2021.
