Out-of-hours attacks continue to be a large stress for security teams, however with RESPOND, companies can stop threats without the need for 24/7 human monitoring. This blog explores a nighttime incident where RESPOND triggered a decisive model breach but was prevented from acting without human input.

Since the release of version 2 of Raccoon Stealer in May 2022, Darktrace’s SOC has observed a continuous surge in Raccoon Stealer v2 activity. In this blog, we will outline the typical steps of a Raccoon Stealer v2 infection, paying close attention to the info-stealer’s network-based behaviors.

In March 2022, Darktrace’s 24/7 SOC team observed a fast-paced compromise involving Raccoon Stealer v1. In this blog, we will outline the steps which the Raccoon Stealer v1 sample took to exfiltrate data out of the network.

Whilst Quantum Ransomware has been characterized by speedy and efficient attacks, Darktrace recently detected a surprising incident where the group used a long dwell time to achieve their goals. This blog explores the effect of this group's change in strategy and DETECT/Network’s coverage over the event.

This blog explores Darktrace's detection of a BeamWinHTTP and RedLine info stealer compromise caused by continued torrenting and a malicious download within a telecommunication customer’s environment.

In April 2022, Darktrace observed threat actors using the loader known as ‘BumbleBee’ to install Cobalt Strike Beacon onto target systems. This blog provides details of the steps threat actors took during their intrusions, along with details of the network-based behaviours which served as evidence of their activities. 

Hear from Wayne Racey, Manager of IT Operations for the City of St Catharines, Canada, as he explains how Darktrace DETECT + RESPOND buys back time for his security team and provides them with some much-needed peace of mind.

Crypto-mining continues to draw massive profits for cyber attackers, who use malicious botnets like Sysrv to exploit vulnerable organizations. Discover how these botnets work around traditional security tools, and what the upcoming Darktrace Prevent product family can do to harden defenses against them.

This blog describes why the New Jersey State Bar Association adopted Darktrace’s Autonomous Response technology across the entire business, how it stopped a sophisticated SaaS attack, and why the IT department now refer to it as another member of the team.

Autonomous Response recently stopped a Trickbot attack on a public administration organization, despite being activated only after the threat had taken root. This blog outlines the reasons for Trickbot’s repeated resurrection and explains how Darktrace’s Autonomous Response is able to stop each new iteration.

Darktrace experts were on the front lines throughout 2021 – a historic year of cyber-attacks. In this blog, those experts look ahead, offering their predictions for cyber security in 2022.

This blog breaks down every stage of ransomware, highlighting attackers’ aims at each step, the techniques they adopt to avoid conventional defenses, and the anomalous activity that causes Darktrace AI to initiate a targeted response.

Darktrace’s AI has detected attackers exploiting the Log4Shell vulnerabilities across multiple customer environments. This blog breaks down two real-world attack scenarios and highlights the autonomous actions taken by AI.

A new part of the McLaren car is created every 15 seconds, with suppliers around the world contributing to the team’s success. From a security perspective, each of these providers represent a potential chink in McLaren’s defensive armor. Learn why the security team chose Darktrace’s AI to protect the organisation from supply chain attacks.

Cyber-criminals are increasingly ‘Living off the Land’, leveraging commonly-used tools to fly under the radar of conventional cyber defenses. Discover why Self-Learning AI is uniquely positioned to identify attacks leveraging this technique.

The once notorious Ryuk ransomware has returned in new hands. Discover how small-time criminals are getting hold of cyber-crime’s most malicious tools, and what organizations can do to protect themselves.

For years, the notorious crypto-jacking group Outlaw have been adapting their botnet to make it past traditional security measures. This blog explains how Darktrace was able to see through their disguises and unpack their methods.

When a cyber-attack struck a national sporting body one week before the start of the Tokyo Olympics, Darktrace was on hand to autonomously stop the threat. This blog breaks down the attack in detail.

When it comes to tackling the problem of ransomware, attack is the best form of defense. This blog explores how to spot the early indicators of ransomware, which can prove a pivotal advantage as the game develops.

REvil have exploited IT management software provider Kaseya in one of the most far-reaching ransomware attacks of the year. This blog unpacks a real-world intrusion of REvil ransomware, and demonstrates how Autonomous Response protected customer data from encryption.