What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Darktrace 2021-03-15 09:00:00 Botnet malware: Remote Desktop Protocol (RDP) attack (direct link) Internet-facing RDP servers are an increasingly common vector of compromise. This blog explains how one RDP infection nearly led to the creation of a botnet, had Darktrace AI not alerted the security team as soon as the attack began.
Darktrace 2021-03-10 09:00:00 How extended Amazon VPC traffic mirroring enhances Darktrace’s self-learning cloud security (direct link) This blog explains how AWS’s extension of VPC Traffic Mirroring to non-Nitro instances supports Darktrace’s real-time visibility and adaptive, autonomous defense for AWS cloud environments.
Darktrace 2021-03-03 09:00:00 How Cyber AI scaled to secure Cradlepoint’s SaaS environments (direct link) As working patterns continue to evolve, Darktrace provides visibility over the remote business, detecting everything from account takeovers to advanced phishing attacks. This blog discusses how Cradlepoint utilizes Cyber AI to secure its SaaS environments.
Darktrace 2021-02-25 09:00:00 LockBit ransomware analysis: Rapid detonation using a single compromised credential (direct link) Machine-speed attacks need a machine-speed response. This blog explores the rise of worm-like ransomware, and how Darktrace detected a LockBit ransomware attack where the attack stages all happened simultaneously, in the space of only four hours. Ransomware
Darktrace 2021-02-18 09:00:00 Two-factor authentication (2FA) compromised: Microsoft account takeover (direct link) What happens when your two-factor authentication (2FA) has been hacked? What happens when security layers have been compromised, and a cyber-criminal has bypassed your security stack? This blog investigates how Darktrace’s Microsoft 365 connector detected a full SaaS account takeover, and launched a detailed investigation into the attack.
Darktrace 2021-02-16 09:00:00 The Florida water plant attack signals a new era of digital warfare — it's time to fight back (direct link) Earlier this month, cyber-criminals broke into the systems of a water treatment facility in Florida and altered the chemical levels of the water supply. This incident serves as a reminder that attacks in the digital space are having an increasing impact on the physical world.
Darktrace 2021-02-12 09:00:00 Industrial IoT: Finding pre-existing threats inside Industrial Control Systems (direct link) This blog explores how Darktrace AI can identify infections which have already breached an organization's digital system. Learn about the security risks posed by Industrial IoT devices, and how Cyber AI recently detected a number of compromised IIoT devices at a manufacturing company.
Darktrace 2021-02-10 09:00:00 Antigena Email Version 5: A matter of time (direct link) Version 5 of Antigena Email contains several updates and upgrades that streamline workloads for time-pressed security teams. This blog post explains how AI augments human defenders by detecting sophisticated threats and presenting its findings in an intuitive way.
Darktrace 2021-02-02 09:00:00 Comparing different AI approaches to email security (direct link) AI has fundamentally changed email security in recent years, but there is a significant distinction to be made in the application of the technology, which may separate genuine and future-proof protection from a backward-looking model incapable of catching novel attacks.
Darktrace 2021-01-27 09:00:00 AI cloud security with the Darktrace Immune System and Google Packet Mirroring (direct link) This blog explains how the visibility provided by Google’s Packet Mirroring enables the Darktrace Immune System to seamlessly deploy in the cloud and form an understanding of what normal activity looks like for every user, container, application, and workload in a customer’s Google Cloud environment.
Darktrace 2021-01-25 09:00:00 Darktrace Version 5: Redefining enterprise security with autonomous AI (direct link) Version 5 offers a series of innovations across the Darktrace Immune System platform, bringing critical value to security teams grappling with the new normal. This blog explores how AI augments security teams with extended coverage across cloud services and zero-trust environments and an open architecture that enables seamless integrations.
Darktrace 2021-01-14 09:00:00 Five predictions for email security in 2021 (direct link) This blog gives five predicted trends for email security in 2021, explaining how attackers will continue to adapt their tactics to evade legacy security reliant on rules and blacklists.
Darktrace 2021-01-07 09:00:00 (Déjà vu) Dissecting the SolarWinds hack without the use of signatures (direct link) This blog explains how activity related to the SolarWinds hack can be detected without the use of signatures, and why a self-learning approach is the best possible mechanism to catch this Advanced Persistent Threat. Hack
Darktrace 2021-01-07 09:00:00 Detecting the SolarWinds hack without the use of signatures (direct link) This blog explains how activity related to the SolarWinds hack can be detected without the use of signatures, and why a self-learning approach is the best possible mechanism to catch this Advanced Persistent Threat. Hack
Darktrace 2021-01-06 09:00:00 How McLaren Racing stays ahead of advanced email threats (direct link) Faced with sophisticated phishing attacks targeting their C-suite, McLaren turned to AI to stop advanced email threats that outsmarted their legacy security tools. This blog uncovers an attack that slipped through their gateway but was neutralized by Antigena Email.
Darktrace 2020-12-22 09:00:00 How AI stopped a WastedLocker intrusion before ransomware deployed (direct link) Darktrace recently detected and investigated a WastedLocker attack. This blog explores how this high-speed, high-stakes ransomware uses 'living off the land' techniques to bypass traditional security tools, and how Darktrace Antigena can autonomously stop this threat in its earliest stages, before encryption has begun. Ransomware Threat
Darktrace 2020-12-17 09:00:00 ZeroLogon exploit detected within 24 hours of vulnerability notice (direct link) An attack using the ZeroLogon exploit code was identified by Darktrace less than 24 hours after CISA's public announcement. This blog explores the consequences of a ZeroLogon attack and how Darktrace AI managed to detect and investigate the threat. Vulnerability
Darktrace 2020-11-30 09:00:00 Darktrace's Cyber AI Analyst investigates Sodinokibi (REvil) ransomware (direct link) Darktrace recently detected Sodinokibi, the most lucrative strain of ransomware in 2020, in a retail organization in the US. Cyber AI Analyst launched several automatic, real-time investigations into the incident simultaneously, producing concise and digestible summaries shown in this blog. Ransomware
Darktrace 2020-11-18 09:00:00 How will US sanctions on the group behind TRITON protect critical infrastructure? (direct link) As the US Treasury announces new sanctions on the Russian institute believed to be behind the TRITON malware, this blog takes a look at the significance of this attack, and extrapolates what's around the corner for OT cyber-attacks.
Darktrace 2020-11-05 09:00:00 Writing wrongs: Why Mimecast's link rewriting gives a false sense of security (direct link) Traditional email gateways rely on pre-emptively rewriting links so that down the line, when they have updated information about a potential attack, they can take action. This blog exposes the pitfalls of this approach and examines a more modern approach to email security.
Darktrace 2020-10-22 09:00:00 AI catches Maze ransomware targeting a healthcare organization (direct link) Attackers are targeting increasingly high-stakes environments with ransomware. This blog post explores how AI can be used to detect and autonomously neutralize machine-speed attacks – looking in particular at how Darktrace caught Maze ransomware targeting a healthcare organization. Ransomware
Darktrace 2020-10-14 09:00:00 How Industrial Control Systems can be secure in the cloud (direct link) With a major water utilities firm in the UK recently moving their SCADA systems to the cloud, this blog explores what 'ICSaaS' would look like in practice, and the security implications of such a transformation.
Darktrace 2020-10-09 09:00:00 How AI detected a hacker hiding in an energy grid within hours of deployment (direct link) Darktrace's AI can identify the subtle signs of threat, even when the initial intrusion occurs prior to its deployment. This blog shows how, by looking at a critical real-world detection at a European energy organization.
Darktrace 2020-10-05 09:00:00 How a Mimecast miss led to a wide scale email compromise (direct link) A logistics company was recently hit by a successful email attack that slipped through Mimecast and led to a compromised account, with the attacker accessing several sensitive files before sending out over 1000 emails to other employees. This blog details how Darktrace's AI was able to detect the activity when legacy tools could not.
Darktrace 2020-10-01 09:00:00 AI email security: Understanding the human behind the keyboard (direct link) Despite organizations adopting 'secure' email gateways and extensive employee training, 94% of cyber-attacks still start in the inbox. Cyber AI understands the human beings behind email communications and autonomously responds to anomalous emails it deems malicious, stopping attacks that other tools miss. ★★★★★
Darktrace 2020-09-24 09:00:00 Darktrace OT threat finds: Detecting an advanced ICS attack targeting an international airport (direct link) As IT and OT converge, cyber-attacks are increasingly spreading to Industrial Control Systems, causing operational outages and physical disruption. Darktrace's AI recently detected a simulation of an advanced threat in the environment of a major international airport that used a range of ICS attack techniques. Threat
Darktrace 2020-09-22 09:00:00 Fast and stealthy malware attempts to steal public data from government organization (direct link) Darktrace's Immune System recently detected Glupteba malware attempting to steal sensitive information from a government organization. This blog post details how targeted and autonomous actions from Darktrace Antigena would have contained the attack. Malware
Darktrace 2020-09-10 09:00:00 How AI caught hackers crypto-mining on a biometric access server in an empty office (direct link) Darktrace recently detected a cyber-attack that used the processing power of a biometric scanner to mine for cryptocurrency. The activity occurred while the office was closed due to COVID-19, but Cyber AI detected the anomalous behavior in real time.
Darktrace 2020-09-07 09:00:00 Ransomware-as-a-Service: Eking targets government organization (direct link) Darktrace recently caught Eking ransomware targeting a government organization in APAC. This blog post details the anomalous behavior detected by Cyber AI, and evaluates the incident report surfaced by Darktrace's automated investigation technology, the Cyber AI Analyst. Ransomware
Darktrace 2020-08-27 09:00:00 Darktrace email finds: Rare file type used to evade gateway tools (direct link) Cyber-criminals are increasingly looking to deploy malware via unusual file types as they know these aren't checked by traditional email security tools. Darktrace's AI recently detected and stopped a malicious ISO file that slipped through the rest of the security stack. Malware
Darktrace 2020-08-26 09:00:00 Defense in depth: The resurgence of Emotet, as seen in the email and network layers (direct link) Darktrace's Immune System has recently detected a resurgence of the Emotet banking malware in the network and email realms of numerous customers around the world. This blog looks at three case studies and explains the benefits of a unified approach to cyber security. Malware Studies
Darktrace 2020-08-19 09:00:00 (Déjà vu) Evil Corp intrusions: WastedLocker ransomware detected by Darktrace (direct link) Darktrace has recently observed multiple intrusions associated with renowned threat actor Evil Corp. This blog details how Darktrace's AI detected the malicious activity throughout the attack life cycle – from the initial intrusion and the C2 traffic to the encryption or exfiltration of sensitive files. Ransomware Threat
Darktrace 2020-08-19 09:00:00 WastedLocker ransomware: Evil Corp hacker group detected by Darktrace (direct link) Darktrace has recently observed multiple intrusions associated with renowned threat actor Evil Corp. This blog details how Darktrace's AI detected the malicious activity throughout the attack life cycle – from the initial intrusion and the C2 traffic to the encryption or exfiltration of sensitive files. Threat ★★★
Darktrace 2020-08-17 09:00:00 Darktrace threat finds: Abusing TeamViewer to deploy ransomware (direct link) The increased use of off-the-shelf tools is lowering the barrier to entry for cyber-criminals. This blog explores an incident in which a low-skilled threat actor was able to successfully deploy ransomware in a retail organization by connecting to the domain controller via TeamViewer. Ransomware Threat
Darktrace 2020-08-13 09:00:00 Darktrace email finds: COVID-19 relief spoof (direct link) Fearware involves exploiting a sense of fear, uncertainty and doubt to coax an email recipient to click on a malicious link. This blog dissects an email attack claiming to be a COVID-19 relief fund application from the Small Business Administration.
Darktrace 2020-08-10 09:00:00 Darktrace email finds: Fake ShareFile notification from compromised supplier account (direct link) Supply chain account takeover presents one of the more elusive threats to the inbox. This blog explains how Darktrace's AI picked up on one such attack by recognizing the anomalous link.
Darktrace 2020-08-06 09:00:00 (Déjà vu) Darktrace OT threat finds: Defending the widening attack surface (direct link) This blog looks across a database of hundreds of customers to reveal the extent of ICS protocol use within IT environments. With increasing IT/OT convergence, the need for a unified security platform with visibility and detection capabilities across both realms has never been more critical. Threat
Darktrace 2020-08-06 09:00:00 Darktrace OT threat finds: Defending the widening threat landscape (direct link) This blog looks across a database of hundreds of customers to reveal the extent of ICS protocol use within IT environments. With increasing IT/OT convergence, the need for a unified security platform with visibility and detection capabilities across both realms has never been more critical. Threat
Darktrace 2020-08-05 09:00:00 What the Twitter hack reveals about spear phishing – and how to prevent it (direct link) Twitter has now confirmed spear phishing was the cause of last month's attack. This blog looks at the limitations in our current defenses against this well-known attack technique, and how a layered AI approach identifies and stops it. Hack
Darktrace 2020-08-04 09:00:00 Phishing from the inside: Microsoft 365 account hijack (direct link) When a Microsoft 365 account was taken over at a technology firm, Darktrace's Cyber AI Platform immediately detected the anomalous behavior. As the compromised account began sending out hundreds of emails, the Cyber AI Analyst investigated in real time and raised a high-confidence alert to the security team.
Darktrace 2020-07-30 09:00:00 Darktrace email finds: Two WeTransfer impersonation attacks caught by AI (direct link) Darktrace has seen an unprecedented rise in email attacks impersonating SaaS platforms to coax a recipient into divulging their account credentials. Two malicious emails supposedly from WeTransfer were recently recognized by Antigena as spoofing attempts, and stopped in their tracks.
Darktrace 2020-07-28 09:00:00 LeChiffre ransomware targets US distributor (direct link) LeChiffre ransomware was recently identified by Darktrace's AI inside the network of a US distributor. As the Cyber AI Analyst launched an automated investigation in real time, this blog looks at every stage of the attack kill chain, and how it could have been stopped with Autonomous Response. Ransomware
Darktrace 2020-07-24 09:00:00 Darktrace email finds: IT impersonation attack (direct link) Antigena Email recently caught a phishing attack that attempted to steal the recipients' credentials by posing as their organization's IT team. The email was detected due to its anomalous link and the impersonation attack was neutralized.
Darktrace 2020-07-23 09:00:00 The resurgence of the Ursnif banking trojan (direct link) The Ursnif banking trojan attempts to blend into the network as legitimate Zoom and Webex activity, before trying to capture credentials. Earlier this month, the malware was automatically detected and neutralized by Darktrace's AI. Malware
Darktrace 2020-07-22 09:00:00 Darktrace OT threat finds: Industrial sabotage (direct link) With increasing convergence between the cyber-physical realm and the corporate network, Darktrace has seen a rise in cyber-attacks that start in IT before traversing into industrial systems. This blog details one such threat that was detected and investigated by AI. Threat
Darktrace 2020-07-20 09:00:00 Unusual but benign: How Antigena Email deals with unthreatening emails from a new contact (direct link) Effective email security relies not just on catching targeted attacks, but also not interfering with legitimate emails. This blog looks at the case of an 'unusual but benign' email that Antigena let through, allowing business to continue as usual.
Darktrace 2020-07-16 09:00:00 Darktrace email finds: Microsoft Teams impersonation (direct link) The number of active daily users on Microsoft Teams has increased exponentially in recent months, and cyber-criminals are taking advantage of this shift in our working habits. Darktrace's AI recently found a malicious email impersonating the collaboration platform to try and steal the recipient's credentials.
Darktrace 2020-07-13 09:00:00 Darktrace email finds: Chase fraud alert (direct link) Darktrace's AI email security recently stopped a malicious email attempting to impersonate Chase bank, coaxing the recipient into handing over their credentials. This blog covers why the attack evaded traditional security tools at the gateway, and how Darktrace spotted and neutralized the threat in real time. Threat
Darktrace 2020-07-09 09:00:00 CCPA: Why it's important, and how Cyber AI can help (direct link) With the California Consumer Privacy Act (CCPA) coming into force this month, organizations' handling of personal information is under greater scrutiny than ever. This blog explains how Darktrace's Cyber AI Platform can help provide unified and granular real-time monitoring of personal data.
Darktrace 2020-07-08 09:00:00 Speed of weaponization: From vulnerability disclosure to crypto-mining campaign in a week (direct link) Darktrace recently detected a series of crypto-mining campaigns in its customers just a week after SaltStack revealed a vulnerability. This blog details the initial infection, payload execution and command and control, describing how AI identified the threat in real time. Vulnerability Threat
Last update at: 2024-05-17 15:08:17