Darktrace / Network blog
Across the network
Darktrace / Network is in action all over the globe. Learn more about what’s behind it from Darktrace experts.
Latest Blog Posts
Blog
RansomHub Revisited: New Front-Runner in the Ransomware-as-a-Service Marketplace
Discover how RansomHub is rising in the ransomware landscape, using tools like Atera and Splashtop, reconnaissance tactics, and double extortion techniques.
Blog
Reimagining Your SOC: Unlocking a Proactive State of Security
Reimagining your SOC Part 3/3: This blog explores the challenges security professionals face in managing cyber risk, evaluates current market solutions, and outlines strategies for building a proactive security posture.
Blog
Reimagining Your SOC: How to Achieve Proactive Network Security
Reimagining your SOC Part 1/3: This blog shows how security teams can move to autonomous detection and investigation of novel threats, reducing alert fatigue, and enabling tailored, real-time threat response.
Blog
RansomHub Ransomware: Darktrace’s Investigation of the Newest Tool in ShadowSyndicate's Arsenal
Between September and October 2024, Darktrace investigated several customer networks compromised by RansomHub attacks. Further analysis revealed a connection to the ShadowSyndicate threat group. Read on to discover how these entities are linked and the tactics, techniques, and procedures employed in these attacks.
Blog
Cleo File Transfer Vulnerability: Patch Pitfalls and Darktrace’s Detection of Post-Exploitation Activities
File transfer applications are prime targets for ransomware groups due to their critical role in business operations. Recent vulnerabilities in Cleo's MFT software, namely CVE-2024-50623 and CVE-2024-55956, highlight ongoing risks. Read more about the Darktrace Threat Research team’s investigation into these vulnerabilities.
Blog
Company Shuts Down Cyber-attacks with “Flawless” Detection and Response from Darktrace
This blog explores how Darktrace shut down a major third-party cyber-attack, preventing the deployment of ransomware. Read more to discover how the security team now spends 80-90% of their time working on more strategic projects vs. manual, low-level tasks.
Blog
Darktrace is Positioned as a Leader in the IDC MarketScape: Worldwide Network Detection and Response 2024 Vendor Assessment
Darktrace is recognized as a Leader in the IDC MarketScape. Read this blog to find out more about Darktrace's leadership in the market and our pioneering leadership in AI over the past decade, alongside a variety of other unique differentiators and innovations in the NDR industry.
Blog
Darktrace’s view on Operation Lunar Peek: Exploitation of Palo Alto firewall devices (CVE-2024-0012 and CVE-2024-9474)
Darktrace’s Threat Research team investigated a major campaign exploiting vulnerabilities in Palo Alto firewall devices (CVE-2024-0012 and CVE-2024-9474). Learn about the spike in post-exploitation activities and understand the need for anomaly-based detection to stay ahead of evolving threats.
Blog
Darktrace Leading the Future of Network Detection and Response With Recognition from KuppingerCole
Darktrace just picked up the title of "Overall Leader" in KuppingerCole's 2024 Leadership Compass for Network Detection and Response (NDR). Why? Our Self-Learning AI and smart automation make tackling threats faster and easier, helping security teams stay ahead of the game.
Blog
From Royal to BlackSuit: Understanding the Tactics and Impact of a Sophisticated Ransomware Strain
Since late 2023, Darktrace has tracked BlackSuit ransomware, a sophisticated spinoff of Royal ransomware, targeting various industries. Using double extortion tactics, BlackSuit demands substantial ransoms, causing significant disruption. Darktrace’s proactive measures highlight the need for robust cybersecurity to counteract these evolving threats and protect critical assets.
Blog
Post-Exploitation Activities on Fortinet Devices: A Network-Based Analysis
This blog explores recent findings from Darktrace's Threat Research team on active exploitation campaigns targeting Fortinet appliances. This analysis focuses on the September 2024 exploitation of FortiManager via CVE-2024-47575, alongside related malicious activity observed in June 2024.
Blog
Triaging Triada: Understanding an Advanced Mobile Trojan and How it Targets Communication and Banking Applications
Android-based malware like Triada is increasingly targeting banking and communication apps to steal sensitive data. Triada uses sophisticated methods to evade detection, exfiltrating data to C2 servers via algorithmically generated hostnames. This underscores the need for advanced security measures to protect against these evolving threats and safeguard user data.
Blog
From Call to Compromise: Darktrace’s Response to a Vishing-Induced Network Attack
When a remote user fell victim to a vishing attack, allowing a malicious actor to gain access to a customer network, Darktrace swiftly detected the intrusion and responded effectively. This prompt action prevented any data loss and reinforced trust in Darktrace’s robust security measures.
Blog
FortiClient EMS exploited: Inside the attack chain and post-exploitation tactics
Soon after CVE-2023-48788 was publicly disclosed in late March 2024, Darktrace began to see compromises in FortiClient EMS devices on customer networks. Read on to find out more about what our Threat Research team uncovered.
Blog
Lifting the Fog: Darktrace’s Investigation into Fog Ransomware
In early May 2024, Fog ransomware was first observed in the wild, seemingly targeting US-based educational organizations. Read on to find out about Darktrace’s investigation into this novel ransomware threat.
Blog
Decrypting the Matrix: How Darktrace Uncovered a KOK08 Ransomware Attack
In May 2024, a Darktrace customer was affected by KOK08, a ransomware strain commonly used by the Matrix ransomware family. Learn more about the tactics used in this ransomware case, including double extortion, and how Darktrace is able to detect and respond to such threats.
Blog
Jupyter Ascending: Darktrace’s Investigation of the Adaptive Jupyter Information Stealer
Information stealers are a variant of malware designed to gather and exfiltrate sensitive information from targeted networks; this can include bank details, privileged user credentials and cryptocurrency wallet information. In late 2023, Darktrace’s Threat Research team investigated another strain on the rise, Jupyter.
Blog
A Busy Agenda: Darktrace’s Detection of Qilin Ransomware-as-a-Service Operator
This blog examines the tactics, techniques and procedures associated with the notorious Ransomware-as-a-Service operator Qilin. Darktrace’s Threat Research team investigated several examples of Qilin actors targeting Darktrace customers between 2022 and 2024.
Blog
Elevating Network Security: Confronting Trust, Ransomware, & Novel Attacks
Ensuring trust, battling ransomware, and detecting novel attacks pose critical challenges in network security. This blog explores these challenges and shows how leveraging AI-driven security solutions helps security teams stay informed and effectively safeguard their network.
Blog
Medusa Ransomware: Looking Cyber Threats in the Eye with Darktrace
This blog investigates Medusa ransomware, a Ransomware-as-a-Service (RaaS) variant that is known to use living off the land techniques to infect target networks and move towards its ultimate goals, data encryption and exfiltration.