What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Darktrace.webp 2021-06-14 09:00:00 How a SOC team neutralized the QakBot banking trojan (lien direct) Proactive Threat Notifications and Ask The Expert provide around-the-clock support. In a recent case, Darktrace SOC analysts helped a customer handle the QakBot banking trojan before it spread to other devices. Threat ★★★★
Darktrace.webp 2021-06-10 09:00:00 SaaS security risks: Detecting a multi-account hijack with AI (lien direct) This blog analyzes a sophisticated SaaS-based attack which leveraged several Microsoft 365 accounts to launch the offensive and maintain persistence.
Darktrace.webp 2021-06-08 09:00:00 Unintended consequences: When cyber-attacks go wild (lien direct) Cyber-attacks are becoming more unpredictable by the day. DarkSide was the latest example, but cyber miscalculations have occurred since the early days of the Internet. This blog discusses the dangers of unintended consequences and how we can guard against them.
Darktrace.webp 2021-06-01 09:00:00 How ransomware gangs leverage security compliance (lien direct) This blog discusses the consequences and challenges associated with compliance, and how Darktrace’s AI not only defends against double extortion ransomware, but also builds internal mechanisms that help enforce compliance across the workforce. Ransomware
Darktrace.webp 2021-05-26 09:00:00 How autonomous Cyber AI scaled to protect Arrow McLaren SP (lien direct) McLaren is unique in competing in both Formula 1 and the NTT INDYCAR Series. Darktrace’s AI has seamlessly scaled and extended to protect both teams from machine-speed cyber-attacks like ransomware, working across different time zones to provide around-the-clock protection with Autonomous Response.
Darktrace.webp 2021-05-19 09:00:00 Double extortion ransomware (lien direct) With ransomware attacks against AXA ASIA, Colonial Pipeline, and Ireland’s Health Service last week, this blog explores how cyber-criminal groups are exfiltrating data to coerce victims into paying, in what is known as ‘double extortion’ ransomware. Ransomware
Darktrace.webp 2021-05-13 09:00:00 How AI defends critical infrastructure from ransomware (lien direct) In the wake of the Colonial Pipeline cyber-attack, this blog discusses the many threats facing critical infrastructure, and how Cyber AI disrupted a similar ‘double extortion’ ransomware attack against an electrical utilities supplier. Ransomware
Darktrace.webp 2021-05-10 09:00:00 Protecting organizations in a post-SolarWinds world (lien direct) Every organization is vulnerable to cyber-attacks, from schools and start-ups to whole cities. In this blog, the City of Tyler’s CIO describes how Cyber AI protects several Texan municipalities from attack, providing layered AI protection against tomorrow's threats.
Darktrace.webp 2021-05-04 09:00:00 Insider threats, supply chains, and IoT: Breaking down a modern-day cyber-attack (lien direct) The threat landscape is not what it was. Sprawling IoT ecosystems and globalized supply chains offer many opportunities for threat actors. Darktrace detects these vectors on a daily basis, sometimes in the very same attack. Threat
Darktrace.webp 2021-04-29 09:00:00 How AI email security reduces the burden on human defenders (lien direct) Traditional email security tools weigh down the teams they were designed to help, with lengthy configuration processes and false positives which keep human operators in the weeds. This blog explains how autonomous AI frees up IT teams, enabling them to focus on what matters.
Darktrace.webp 2021-04-23 09:00:00 APT35 ‘Charming Kitten’ discovered in a pre-infected environment (lien direct) This blog discusses how Darktrace discovered a stealthy pre-existing APT35 infection in a customer environment. Conference APT 35
Darktrace.webp 2021-04-16 09:00:00 Hafnium cyber-attack neutralized by AI in December 2020 (lien direct) Darktrace AI appears to have detected a Hafnium attack against vulnerable Exchange servers in December 2020, three months before the zero-day was identified. This blog provides an in-depth analysis of the attack, which suggests that Hafnium’s campaign began far earlier than previously thought.
Darktrace.webp 2021-04-08 09:00:00 Crypto-mining malware: Uncovering a cryptocurrency farm in a warehouse (lien direct) Cyber AI discovered an extensive crypto-mining campaign in cardboard boxes in a disused warehouse. This blog discusses the rise in cryptocurrency farms and what this signals for the international cyber-threat landscape.
Darktrace.webp 2021-04-01 09:00:00 “I’m sorry, we’re closed”: Why most ransomware attacks happen out of hours (lien direct) When employees have logged off, and security teams are away from their desks, that’s prime time for attackers to strike. This blog discusses how cyber-criminals time their attacks to fall during weekends or holiday periods, and how defensive AI can stay awake and fight back. Ransomware
Darktrace.webp 2021-03-26 09:00:00 SANS ICS Security Summit 2021 recap: Industry on the move (lien direct) This blog provides a concise overview of the key points from SANS Summit 2021. Knowing ‘self’ both defends against the growing tide of external threats and allows organizations to gain visibility into new vulnerable areas as ICS evolves.
Darktrace.webp 2021-03-25 09:00:00 Supply chain fraud: Darktrace detects Vendor Email Compromise (lien direct) Malicious emails sent from trusted third parties bypass defenses all too often. This blog examines how Antigena Email stopped a recent supply chain attack by identifying a behavioral shift in the emails even though they came from a trusted source, while still allowing legitimate traffic from the same account to pass through.
Darktrace.webp 2021-03-18 09:00:00 Hafnium-inspired cyber-attacks neutralized by AI (lien direct) As a result of the wide-reaching Hafnium attacks, various threat actors have begun exploiting ProxyLogon. This blog post shows a real-life example of how Darktrace detected this campaign against vulnerable Exchange servers, before public attribution. Threat
Darktrace.webp 2021-03-15 09:00:00 Botnet malware: Remote Desktop Protocol (RDP) attack (lien direct) Internet-facing RDP servers are an increasingly common vector of compromise. This blog explains how one RDP infection nearly led to the creation of a botnet, had Darktrace AI not alerted the security team as soon as the attack began.
Darktrace.webp 2021-03-10 09:00:00 How extended Amazon VPC traffic mirroring enhances Darktrace’s self-learning cloud security (lien direct) This blog explains how AWS’s extension of VPC Traffic Mirroring to non-Nitro instances supports Darktrace’s real-time visibility and adaptive, autonomous defense for AWS cloud environments.
Darktrace.webp 2021-03-03 09:00:00 How Cyber AI scaled to secure Cradlepoint’s SaaS environments (lien direct) As working patterns continue to evolve, Darktrace provides visibility over the remote business, detecting everything from account takeovers to advanced phishing attacks. This blog discusses how Cradlepoint utilizes Cyber AI to secure its SaaS environments.
Darktrace.webp 2021-02-25 09:00:00 LockBit ransomware analysis: Rapid detonation using a single compromised credential (lien direct) Machine-speed attacks need a machine-speed response. This blog explores the rise of worm-like ransomware, and how Darktrace detected a LockBit ransomware attack where the attack stages all happened simultaneously, in the space of only four hours. Ransomware
Darktrace.webp 2021-02-18 09:00:00 Two-factor authentication (2FA) compromised: Microsoft account takeover (lien direct) What happens when your two-factor authentication (2FA) has been hacked? What happens when security layers have been compromised, and a cyber-criminal has bypassed your security stack? This blog investigates how Darktrace’s Microsoft 365 connector detected a full SaaS account takeover, and launched a detailed investigation into the attack.
Darktrace.webp 2021-02-16 09:00:00 The Florida water plant attack signals a new era of digital warfare — it's time to fight back (lien direct) Earlier this month, cyber-criminals broke into the systems of a water treatment facility in Florida and altered the chemical levels of the water supply. This incident serves as a reminder that attacks in the digital space are having an increasing impact on the physical world.
Darktrace.webp 2021-02-12 09:00:00 Industrial IoT: Finding pre-existing threats inside Industrial Control Systems (lien direct) This blog explores how Darktrace AI can identify infections which have already breached an organization's digital system. Learn about the security risks posed by Industrial IoT devices, and how Cyber AI recently detected a number of compromised IIoT devices at a manufacturing company.
Darktrace.webp 2021-02-10 09:00:00 Antigena Email Version 5: A matter of time (lien direct) Version 5 of Antigena Email contains several updates and upgrades that streamline workloads for time-pressed security teams. This blog post explains how AI augments human defenders by detecting sophisticated threats and presenting its findings in an intuitive way.
Darktrace.webp 2021-02-02 09:00:00 Comparing different AI approaches to email security (lien direct) AI has fundamentally changed email security in recent years, but there is a significant distinction to be made in how the technology is applied, one that may separate genuine, future-proof protection from a backward-looking model incapable of catching novel attacks.
Darktrace.webp 2021-01-27 09:00:00 AI cloud security with the Darktrace Immune System and Google Packet Mirroring (lien direct) This blog explains how the visibility provided by Google’s Packet Mirroring enables the Darktrace Immune System to seamlessly deploy in the cloud and form an understanding of what normal activity looks like for every user, container, application, and workload in a customer’s Google Cloud environment.
Darktrace.webp 2021-01-25 09:00:00 Darktrace Version 5: Redefining enterprise security with autonomous AI (lien direct) Version 5 offers a series of innovations across the Darktrace Immune System platform, bringing critical value to security teams grappling with the new normal. This blog explores how AI augments security teams with extended coverage across cloud services and zero-trust environments and an open architecture that enables seamless integrations.
Darktrace.webp 2021-01-14 09:00:00 Five predictions for email security in 2021 (lien direct) This blog gives five predicted trends for email security in 2021, explaining how attackers will continue to adapt their tactics to evade legacy security reliant on rules and blacklists.
Darktrace.webp 2021-01-07 09:00:00 (Déjà vu) Dissecting the SolarWinds hack without the use of signatures (lien direct) This blog explains how activity related to the SolarWinds hack can be detected without the use of signatures, and why a self-learning approach is the best possible mechanism to catch this Advanced Persistent Threat. Hack
Darktrace.webp 2021-01-07 09:00:00 Detecting the SolarWinds hack without the use of signatures (lien direct) This blog explains how activity related to the SolarWinds hack can be detected without the use of signatures, and why a self-learning approach is the best possible mechanism to catch this Advanced Persistent Threat. Hack
Darktrace.webp 2021-01-06 09:00:00 How McLaren Racing stays ahead of advanced email threats (lien direct) Faced with sophisticated phishing attacks targeting their C-suite, McLaren turned to AI to stop advanced email threats that outsmarted their legacy security tools. This blog uncovers an attack that slipped through their gateway but was neutralized by Antigena Email.
Darktrace.webp 2020-12-22 09:00:00 How AI stopped a WastedLocker intrusion before ransomware deployed (lien direct) Darktrace recently detected and investigated a WastedLocker attack. This blog explores how this high-speed, high-stakes ransomware uses 'living off the land' techniques to bypass traditional security tools, and how Darktrace Antigena can autonomously stop this threat in its earliest stages, before encryption has begun. Ransomware Threat
Darktrace.webp 2020-12-17 09:00:00 ZeroLogon exploit detected within 24 hours of vulnerability notice (lien direct) An attack using the ZeroLogon exploit code was identified by Darktrace less than 24 hours after CISA's public announcement. This blog explores the consequences of a ZeroLogon attack and how Darktrace AI managed to detect and investigate the threat. Vulnerability
Darktrace.webp 2020-11-30 09:00:00 Darktrace's Cyber AI Analyst investigates Sodinokibi (REvil) ransomware (lien direct) Darktrace recently detected Sodinokibi, the most lucrative strain of ransomware in 2020, in a retail organization in the US. Cyber AI Analyst launched several automatic, real-time investigations into the incident simultaneously, producing concise and digestible summaries shown in this blog. Ransomware
Darktrace.webp 2020-11-18 09:00:00 How will US sanctions on the group behind TRITON protect critical infrastructure? (lien direct) As the US Treasury announces new sanctions on the Russian institute believed to be behind the TRITON malware, this blog takes a look at the significance of this attack, and extrapolates what's around the corner for OT cyber-attacks.
Darktrace.webp 2020-11-05 09:00:00 Writing wrongs: Why Mimecast's link rewriting gives a false sense of security (lien direct) Traditional email gateways rely on pre-emptively rewriting links so that down the line, when they have updated information about a potential attack, they can take action. This blog exposes the pitfalls of this approach and examines a more modern approach to email security.
Darktrace.webp 2020-10-22 09:00:00 AI catches Maze ransomware targeting a healthcare organization (lien direct) Attackers are targeting increasingly high-stakes environments with ransomware. This blog post explores how AI can be used to detect and autonomously neutralize machine-speed attacks – looking in particular at how Darktrace caught Maze ransomware targeting a healthcare organization. Ransomware
Darktrace.webp 2020-10-14 09:00:00 How Industrial Control Systems can be secure in the cloud (lien direct) With a major water utilities firm in the UK recently moving their SCADA systems to the cloud, this blog explores what 'ICSaaS' would look like in practice, and the security implications of such a transformation.
Darktrace.webp 2020-10-09 09:00:00 How AI detected a hacker hiding in an energy grid within hours of deployment (lien direct) Darktrace's AI can identify the subtle signs of threat, even when the initial intrusion occurs prior to its deployment. This blog shows how by looking at a critical real-world detection at a European energy organization.
Darktrace.webp 2020-10-05 09:00:00 How a Mimecast miss led to a wide scale email compromise (lien direct) A logistics company was recently hit by a successful email attack that slipped through Mimecast and led to a compromised account, with the attacker accessing several sensitive files before sending out over 1000 emails to other employees. This blog details how Darktrace's AI was able to detect the activity when legacy tools could not.
Darktrace.webp 2020-10-01 09:00:00 AI email security: Understanding the human behind the keyboard (lien direct) Despite organizations adopting 'secure' email gateways and extensive employee training, 94% of cyber-attacks still start in the inbox. Cyber AI understands the human beings behind email communications and autonomously responds to anomalous emails it deems malicious, stopping attacks that other tools miss. ★★★★★
Darktrace.webp 2020-09-24 09:00:00 Darktrace OT threat finds: Detecting an advanced ICS attack targeting an international airport (lien direct) As IT and OT converge, cyber-attacks are increasingly spreading to Industrial Control Systems, causing operational outages and physical disruption. Darktrace's AI recently detected a simulation of an advanced threat in the environment of a major international airport that used a range of ICS attack techniques. Threat
Darktrace.webp 2020-09-22 09:00:00 Fast and stealthy malware attempts to steal public data from government organization (lien direct) Darktrace's Immune System recently detected Glupteba malware attempting to steal sensitive information from a government organization. This blog post details how targeted and autonomous actions from Darktrace Antigena would have contained the attack. Malware
Darktrace.webp 2020-09-10 09:00:00 How AI caught hackers crypto-mining on a biometric access server in an empty office (lien direct) Darktrace recently detected a cyber-attack that used the processing power of a biometric scanner to mine for cryptocurrency. The activity occurred while the office was closed due to COVID-19, but Cyber AI detected the anomalous behavior in real time.
Darktrace.webp 2020-09-07 09:00:00 Ransomware-as-a-Service: Eking targets government organization (lien direct) Darktrace recently caught Eking ransomware targeting a government organization in APAC. This blog post details the anomalous behavior detected by Cyber AI, and evaluates the incident report surfaced by Darktrace's automated investigation technology, the Cyber AI Analyst. Ransomware
Darktrace.webp 2020-08-27 09:00:00 Darktrace email finds: Rare file type used to evade gateway tools (lien direct) Cyber-criminals are increasingly looking to deploy malware via unusual file types as they know these aren't checked by traditional email security tools. Darktrace's AI recently detected and stopped a malicious ISO file that slipped through the rest of the security stack. Malware
Darktrace.webp 2020-08-26 09:00:00 Defense in depth: The resurgence of Emotet, as seen in the email and network layers (lien direct) Darktrace's Immune System has recently detected a resurgence of the Emotet banking malware in the network and email realms of numerous customers around the world. This blog looks at three case studies and explains the benefits of a unified approach to cyber security. Malware Studies
Darktrace.webp 2020-08-19 09:00:00 (Déjà vu) Evil Corp intrusions: WastedLocker ransomware detected by Darktrace (lien direct) Darktrace has recently observed multiple intrusions associated with renowned threat actor Evil Corp. This blog details how Darktrace's AI detected the malicious activity throughout the attack life cycle – from the initial intrusion and the C2 traffic to the encryption or exfiltration of sensitive files. Ransomware Threat
Darktrace.webp 2020-08-19 09:00:00 WastedLocker ransomware: Evil Corp hacker group detected by Darktrace (lien direct) Darktrace has recently observed multiple intrusions associated with renowned threat actor Evil Corp. This blog details how Darktrace's AI detected the malicious activity throughout the attack life cycle – from the initial intrusion and the C2 traffic to the encryption or exfiltration of sensitive files. Threat ★★★
Last update at: 2024-06-02 21:08:24