Press Release
Updated statement regarding LockBit claims
We have completed a thorough security investigation following yesterday’s tweets by LockBit claiming they had compromised Darktrace’s internal systems. We can confirm that there has been no compromise of our systems or any of our affiliate systems. Our service to our customers remains uninterrupted and is operating as normal and no further action is required.
Press Release
Statement regarding LockBit claims
Earlier this morning we became aware of tweets from LockBit, the cyber-criminal gang, claiming that they had compromised Darktrace’s internal security systems and had accessed our data. Our security teams have run a full review of our internal systems and can see no evidence of compromise. None of the LockBit social media posts link to any compromised Darktrace data. We will continue to monitor the situation extremely closely, but based on our current investigations we are confident that our systems remain secure and all customer data is fully protected.
Press Release
Darktrace Half-Year Threat Report 2024 Reveals Persistent Cybercrime-as-a-Service Threats Amidst Evolving Attack Landscape
- Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) continue to dominate the threat landscape
- Email phishing remains a top threat, with 17.8 million phishing emails detected between December 2023 and July 2024, and 62% bypassing DMARC checks designed to safeguard against unauthorized use
- Emergence of new threats such as Qilin ransomware and increased exploitation of edge infrastructure vulnerabilities
Darktrace, a global leader in cybersecurity AI, has today released its “First 6: Half-Year Threat Report 2024,” identifying key threats and attack methods facing businesses across the first half of 2024. These insights, observed by Darktrace's Threat Research team using its unique Self-Learning AI across its customer fleet, shed light on the persistent nature of cyber threats and new techniques adopted by attackers attempting to sidestep traditional defenses.
"The threat landscape continues to evolve, but new threats often build upon old foundations rather than replacing them. While we have observed the emergence of new malware families, many attacks are carried out by the usual suspects that we have seen over the last few years, still utilizing familiar techniques and malware variants," comments Nathaniel Jones, Director of Strategic Threat and Engagement at Darktrace. "The persistence of MaaS/RaaS service models alongside the emergence of newer threats like Qilin ransomware underscores the continued need for adaptive, machine learning powered, security measures that can keep pace with a rapidly evolving threat landscape."
Cybercrime-as-a-Service continues to pose significant risk for organizations
The findings show that cybercrime-as-a-service continues to dominate the threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools making up a significant portion of malicious tools in use by attackers. Cybercrime-as-a-Service groups, such as Lockbit and Black Basta, provide attackers with everything from pre-made malware to templates for phishing emails, lowering the barrier to entry for cybercriminals with limited technical knowledge.
The most common threats Darktrace observed from January to June 2024 were:
1. Information-stealing malware (29% of early triaged investigations)
2. Trojans (15% of investigated threats)
3. Remote Access Trojans (RATs) (12% of investigated threats)
4. Botnets (6% of investigated threats)
5. Loaders (6% of investigated threats)
The report also reveals the emergence of new threats alongside persistent ones. Notable among them is the rise of Qilin ransomware, which employs refined tactics such as rebooting infected machines in safe mode to bypass security tools, making it more difficult for human security teams to react quickly.
Per the report, double extortion methods are now prevalent amongst ransomware strains. As ransomware continues to be a top security concern for organizations, Darktrace’s Threat Research Team has identified three predominant ransomware strains impacting customers: Akira, Lockbit and Black Basta. All three have been observed using double extortion methods.
Email phishing and sophisticated evasion tactics rise
Phishing remains a significant threat to organizations. Darktrace detected 17.8 million phishing emails across its customer fleet between December 21, 2023, and July 5, 2024. Alarmingly, 62% of these emails successfully bypassed Domain-based Message Authentication, Reporting, and Conformance (DMARC) verification checks, which are industry protocols designed to protect email domains from unauthorized use, and 56% passed through all existing security layers.
The report highlights how cybercriminals are embracing more sophisticated tactics, techniques and procedures (TTPs) designed to evade traditional security parameters. Darktrace observed an increase in attackers leveraging popular, legitimate third-party services and sites, such as Dropbox and Slack, in their operations to blend in with normal network traffic. Additionally, there's been a spike in the use of covert command and control (C2) mechanisms, including remote monitoring and management (RMM) tools, tunneling, and proxy services.
Edge infrastructure compromise and exploitation of critical vulnerabilities are top concerns
Darktrace observed an increase in mass-exploitation of vulnerabilities in edge infrastructure devices, particularly those related to Ivanti Connect Secure, JetBrains TeamCity, FortiClient Enterprise Management Server, and Palo Alto Networks PAN-OS. These compromises often serve as a springboard for further malicious activities.
It is imperative that organizations do not lose sight of existing attack trends and CVEs – cybercriminals may resort to previous, predominately dormant methods to trick organizations. Between January and June, in 40% of cases investigated by the Threat Research team, attackers exploited Common Vulnerabilities and Exposures (CVEs).
For more in-depth analysis, download the First 6: Half-Year Threat Report 2024 at https://darktrace.com/resources/first-6-half-year-threat-report-2024
ABOUT DARKTRACE
Darktrace (DARK.L), a global leader in cybersecurity artificial intelligence, is on a mission to free the world from cyber disruption. Breakthrough innovations from our R&D teams in Cambridge, UK, and The Hague, Netherlands have resulted in over 200 patent applications filed. Rather than study historic attacks, Darktrace's technology continuously learns and updates its knowledge of your business data and applies that understanding to help transform security operations to a state of proactive cyber resilience. The Darktrace ActiveAI Security Platform™ provides a full lifecycle approach to cyber resilience that can autonomously spot and respond to known and unknown in-progress threats within seconds across the entire organization, including cloud, apps, email, endpoint, network and operational technology (OT). Darktrace, which listed on the London Stock Exchange in 2021, employs over 2,400 people around the world and protects over 9,700 customers globally from advanced cyber threats. To learn more, visit https://darktrace.com/.