Press Release

April 14, 2023 11:42 AM

Updated statement regarding LockBit claims

Mike Beck, Chief Information Security Officer, Darktrace

We have completed a thorough security investigation following yesterday’s tweets by LockBit claiming they had compromised Darktrace’s internal systems. We can confirm that there has been no compromise of our systems or any of our affiliate systems. Our service to our customers remains uninterrupted and is operating as normal and no further action is required.

Press Release

April 13, 2023 9:30 AM

Statement regarding LockBit claims

Earlier this morning we became aware of tweets from LockBit, the cyber-criminal gang, claiming that they had compromised Darktrace’s internal security systems and had accessed our data. Our security teams have run a full review of our internal systems and can see no evidence of compromise. None of the LockBit social media posts link to any compromised Darktrace data. We will continue to monitor the situation extremely closely, but based on our current investigations we are confident that our systems remain secure and all customer data is fully protected.

Press Release

Darktrace Newsroom™ Capability Shortens Time from News Headline to Cyber Security Action

Newsroom now generally available in Darktrace PREVENT™ product
Cambridge, UK
February 23, 2023

Media coverage

News publication logo

Darktrace Newsroom™ Capability Shortens Time from News Headline to Cyber Security Action

Read the story
February 23, 2023

Darktrace, a global leader in cyber security artificial intelligence, today announces the general availability of Darktrace NewsroomTM, an AI-driven system that continuously monitors open-source intelligence sources for new critical vulnerabilities and assesses each organization’s exposure through its in-depth knowledge of their unique external attack surface. Darktrace’s knowledge of “self” means it can quickly assess which assets are potentially affected by the emerging critical vulnerability and can provide mitigation advice specific to the organization so that it stays protected.

New critical vulnerabilities, such as Log4J and ProxyLogon, make news headlines regularly and the average time to exploitation has shrunk to just fifteen days. Cyber security teams need to be able to quickly answer the question, “Are we vulnerable? And where?”. Traditional vulnerability management programs are typically resource intensive, involving the constant monitoring of security news feeds and intelligence sources. Meanwhile, exposure tests from vulnerability scanners take time, leaving IT security teams exposed in the absence of a quick initial indicator of their unique exposure to the emerging threat.

Darktrace Newsroom  uses AI to monitor threat feeds and OSINT sources for new critical vulnerabilities and publishes them on the Darktrace PREVENT™ dashboard as part of the Newsroom feed. Newsroom shows a summary of the vulnerability, the affected software, and reveals how many assets have been found to run this software within the organization. This capability augments the human security team by quickly determining whether an organization is affected by a new vulnerability, alleviating lengthy, labor-intensive manual processes. Traditionally, security teams had to take longer periods of time to work out whether they were affected when a vulnerability emerged, allowing a window for aggressive, fast-moving attackers to breach their organizations, often within hours.

“From the moment a new vulnerability hits the headlines, it effectively sets off a ticking time-bomb which any security team will need to scramble to diffuse. The cadence of new vulnerabilities has made it impossible for human teams alone to keep up,” says Jim Webber, VP Enterprise Security and Fraud Management, Direct Federal Credit Union, a fast-growing, progressive financial co-operative which provides savings, loans and a range of services to its members located in the heart of the N2 Innovation District in Needham, MA.
“As a security leader, the thing I want to know when a new vulnerability hits the headlines is, ‘Is my organization vulnerable? And if so, which assets are affected and how do I protect them?’ Historically, there was no way to do this quickly and accurately. Newsroom is a game-changer because it delivers those answers on a plate for you, fast.”
“Against the backdrop of rapidly expanding attack surfaces and rising numbers of new, critical vulnerabilities, Newsroom is a vital component in a security team’s arsenal of proactive capabilities,” commented Pieter Jansen, SVP of Cyber Innovation, Darktrace.
“When news of a vulnerability hits, security leaders need to know how it affects them specifically before their CISO, or the Board, demands answers. This latest innovation shows our continued commitment to augmenting human capabilities by combining the intelligence of always-on, self-learning AI with the unique skills of human security teams.”

Darktrace Newsroom is part of the Darktrace PREVENT product family launched last summer.

For early adopters of the capability, Newsroom provided critical insights on several emerging vulnerabilities such as:

  • An unauthenticated RCE vulnerability found in Citrix Gateway and CitrixADC. This would allow attackers to remotely execute commands to place malware or other malicious code on a computer or network without any need for input from the victim.
  • RCE flaw, often used in shadow IT, found in CentOS Web Panel 7 Servers which allows attackers to execute malicious commands during the login process
  • Unauthenticated remote code execution vulnerability affecting almost all Zoho ManageEngine products which is a blind spot for most organizations. In the worst-case scenario, attackers could use this vulnerability to gain complete control of the system running the product, pivot to other systems in the organization, dump credentials and deploy ransomware.

Successful exploitation of any one of these vulnerabilities can lead to data breaches with accompanying large fines. The insights provided by Darktrace Newsroom allowed the security teams to understand, within an average of two and a half hours, if and where on their attack surface those vulnerabilities were likely to manifest. As a result, these organizations were able to carry out timely mitigation actions and prevent any exploits.

About Darktrace

Darktrace (DARK.L), a global leader in cyber security artificial intelligence, delivers complete AI-powered solutions in its mission to free the world of cyber disruption. Breakthrough innovations from the Darktrace Cyber AI Research Centre in Cambridge, UK and its R&D centre in The Hague, The Netherlands have resulted in over 125 patent applications filed and significant research published to contribute to the cyber security community. Darktrace’s technology continuously learns and updates its knowledge of 'you' for an organization and applies that understanding to achieve an optimal state of cyber security. It is delivering the first ever Cyber AI Loop, fuelling a continuous end-to-end security capability that can autonomously prevent, detect, and respond to novel, in-progress threats in real time. Darktrace employs over 2,200 people around the world and protects over 8,100 organizations globally from advanced cyber-threats. It was named one of TIME magazine’s ‘Most Influential Companies’ in 2021.

share this article