What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Darktrace 2023-02-13 00:00:00 CryptoJacking How this double-edged sword can come back to hurt you (direct link) This blog explores how Darktrace was the only security tool to proactively alert an APAC Logistics Security Operation Centre (SOC) team to an instance of cryptocurrency hijacking (Cryptojacking) on their network. This blog also points to a broader discussion on why Cryptojacking poses a greater threat to organizations than simply slower machines and higher electrical bills. Tool Threat ★★
Darktrace 2023-02-10 00:00:00 How Preventative Security Actively Reduces Organizational Cyber Risk (direct link) This blog explores how Darktrace was the only security tool to proactively alert an APAC Logistics Security Operation Centre (SOC) team to an instance of cryptocurrency hijacking (Cryptojacking) on their network. This blog also points to a broader discussion on why Cryptojacking poses a greater threat to organizations than simply slower machines and higher electrical bills. ★★
Darktrace 2023-02-10 00:00:00 A Surge of Vidar: Network-Based Details of a Prolific Info-Stealer (direct link) In the latter half of 2022, Darktrace observed a rise in Vidar Stealer infections across its client base. These infections consisted in a predictable series of network behaviors, including usage of certain social media platforms for the retrieval of Command and Control (C2) information and usage of certain URI patterns in C2 communications. In the blog post, we will provide details of the pattern of network activity observed in these Vidar Stealer infections, along with details of Darktrace's coverage of the activity. ★★★
Darktrace 2023-02-03 00:00:00 Securing Credit Unions: Darktrace Supports Compliant Email Security and Risk Management (direct link) Financial institutions must follow specific IT security compliance standards, which regularly change. One credit union turned to Darktrace to align with its approach to compliance and risk, benefitting from email protection and proactive attack surface management. ★★
Darktrace 2023-01-31 00:00:00 Vidar Info-Stealer Malware Distributed via Malvertising on Google (direct link) This blog post highlights the recent malvertising campaigns targeting Google searches that deploy info-stealer malware. It covers the attackers' techniques and provides a list of indicators of compromise. Recommendations for the general public are also included to help mitigate the risk of falling victim to such attacks. Malware ★★★
Darktrace 2023-01-31 00:00:00 Qakbot Resurgence: Evolving along with the emerging threat landscape (direct link) In June 2022, Darktrace observed a surge in Qakbot infections across its client base. These infections, despite arising from novel delivery methods, resulted in unusual patterns of network traffic which Darktrace/Network was able to detect and respond to. Threat ★★★
Darktrace 2023-01-16 00:00:00 How Darktrace AI Helped Protect the Qatar World Cup 2022 from Cyber Disruption (direct link) The 2022 Qatar World Cup introduced the world's first 'connected stadium' concept whereby all eight stadiums were managed by a single unified technology. Discover why Darktrace was selected to help protect this global tournament from cyber-attacks. ★★
Darktrace 2023-01-11 00:00:00 Darktrace Innovation: A Year In Review (direct link) Jack Stockdale, CTO at Darktrace, looks back on a year of innovation from Darktrace's AI Research Centre. ★★★
Darktrace 2023-01-05 00:00:00 BlackMatter's Smash-and-Grab tactics and the need for RESPOND (direct link) All CISOs fear large and targeted attacks. It is during these threats, which expect the most of security teams, that real-time alerting is not always enough. In this blog, analysts explore an incident of BlackMatter ransom where alerts were missed but actions from RESPOND could have stopped it entirely. ★★★★
Darktrace 2023-01-04 00:00:00 New Year's Resolutions: Customers Share Challenges and Goals for 2023 (direct link) As the new year begins, Darktrace customers look forward to tackling industry-specific challenges, using the time Darktrace saves them to launch new projects, and seeing how new tools can further benefit their environments. ★★
Darktrace 2023-01-04 00:00:00 Bytesize security: Examining an insider exfiltrating corporate data from a Singaporean file server to Google Cloud (direct link) A persistent security question in industry media concerns the insider threat - how do we detect it? This blog shares a case study highlighting how Darktrace is perfectly positioned to complement security teams and DETECT insider attacks. ★★
Darktrace 2023-01-03 00:00:00 Exploring the Cyber AI Loop as an Analyst: PREVENT/ASM & DETECT (direct link) This blog explores the use of Darktrace PREVENT/ASM and Darktrace DETECT/Network as triage tools for security teams and the increased visibility provided when they complement each other. An example and mock scenario from an Australian environmental customer is also highlighted. ★★★
Darktrace 2022-12-21 00:00:00 Finding the Right Cyber Security AI for You (direct link) This blog explores the nuances of AI in cyber security, how to identify true AI, and considerations when integrating AI technology with people, processes, and other technology. ★★★
Darktrace 2022-12-14 00:00:00 Five Cyber Security Predictions for 2023 (direct link) This blog walks through five key trends we expect to observe in the cyber threat and cyber defense landscape in the next 12 months. Threat ★★
Darktrace 2022-12-13 00:00:00 Integration in Focus: Bringing Machine Learning to Third-Party EDR Alerts (direct link) This blog walks through the key benefits of integrating EDR technologies with Darktrace.
Darktrace 2022-12-05 00:00:00 Managing Autonomous Response: The Future of Human-Machine Collaboration (direct link) This blog explains why Autonomous Response is now a necessity in cyber security, and the different ways security teams may choose to implement this practice, giving varying degrees of autonomy to the AI. ★★
Darktrace 2022-12-02 00:00:00 When to RESPOND?: Large-Scale Data Exfiltration (direct link) This blog explores a low-and-slow incident which saw over 300GB of data exfiltrated from a customer network. Whilst this activity was ultimately stopped with the help of Darktrace services, it could have been prevented earlier had RESPOND been in autonomous mode. ★★★
Darktrace 2022-12-01 00:00:00 PREVENT Use Cases: Reducing Risk for Mergers, Acquisitions, and Subsidiaries (direct link) This blog describes the internal and external cyber risks arising from mergers and acquisitions and how you can manage this with continuous AI-powered monitoring that outputs tangible and prioritized mitigation advice. ★★
Darktrace 2022-11-30 00:00:00 Cyber AI Analyst: Cutting Through the Noise to Gain the Security Edge (direct link) This blog addresses the issue of alert fatigue and explains how Cyber AI Analyst breaks down billions of individual events, first into anomalous events and then into prioritized security incidents ready for the security team's review. ★★★
Darktrace 2022-11-24 00:00:00 To be Xor Not to Be: How RESPOND could have stopped a surprise DDoS incident (direct link) Out-of-hours attacks continue to be a large stress for security teams; however, with RESPOND, companies can stop threats without the need for 24/7 human monitoring. This blog explores a nighttime incident where RESPOND triggered a decisive model breach but was prevented from acting without human input. ★★★★
Darktrace 2022-11-22 00:00:00 PREVENT Use Cases: Uncovering Misconfigurations (direct link) Misconfigurations - whether accidental or malicious - are a growing threat in the face of rapidly expanding digital footprints comprising cloud assets and bespoke OT technology. This blog explains how these are uncovered and remediated with Darktrace PREVENT. Threat ★★★★
Darktrace 2022-11-16 00:00:00 Early-Adopter Customers Reflect on Darktrace PREVENT (direct link) Misconfigurations - whether accidental or malicious - are a growing threat in the face of rapidly expanding digital footprints comprising cloud assets and bespoke OT technology. This blog explains how these are uncovered and remediated with Darktrace PREVENT.
Darktrace 2022-11-14 00:00:00 PREVENT Use Cases: Getting Ahead of Brand Abuse (direct link) Brand abuse involves impersonating an organization's IP to launch an attack or damage its reputation. This blog lays out how this can be pre-empted and prevented with Darktrace.
Darktrace 2022-11-09 00:00:00 The resurgence of the raccoon: Steps of a Raccoon Stealer v2 Infection (Part 2) (direct link) Since the release of version 2 of Raccoon Stealer in May 2022, Darktrace's SOC has observed a continuous surge in Raccoon Stealer v2 activity. In this blog, we will outline the typical steps of a Raccoon Stealer v2 infection, paying close attention to the info-stealer's network-based behaviors.
Darktrace 2022-11-08 00:00:00 The last of its kind: Analysis of a Raccoon Stealer v1 infection (Part 1) (direct link) In March 2022, Darktrace's 24/7 SOC team observed a fast-paced compromise involving Raccoon Stealer v1. In this blog, we will outline the steps which the Raccoon Stealer v1 sample took to exfiltrate data out of the network.
Darktrace 2022-11-07 00:00:00 Inside the Yanluowang Leak: Organization, Members, and Tactics (direct link) YanLuoWang ransomware was first used to attack a handful of US corporations in August 2021. Since then, the group have successfully ransomed organizations across the world, with global software giant Cisco among its victims. This blog post reveals Darktrace analysts' research into the organization's structure and tactics. Ransomware
Darktrace 2022-11-04 00:00:00 New technique to deliver malicious email payloads: Webmail login portal hidden within Google Translate domain (direct link) Darktrace has recently detected a trend of threat actors hiding malicious links within Google Translate domains to avoid detection. In one incident, these links were used to harvest the recipients' credentials. Threat
Darktrace 2022-11-03 00:00:00 PREVENT Use Cases: Shining a Light on Shadow IT (direct link) Darktrace has recently detected a trend of threat actors hiding malicious links within Google Translate domains to avoid detection. In one incident, these links were used to harvest the recipients' credentials.
Darktrace 2022-10-27 00:00:00 When speedy attacks aren't enough: Prolonging Quantum Ransomware (direct link) Whilst Quantum Ransomware has been characterized by speedy and efficient attacks, Darktrace recently detected a surprising incident where the group used a long dwell time to achieve their goals. This blog explores the effect of this group's change in strategy and DETECT/Network's coverage over the event. Ransomware
Darktrace 2022-10-24 00:00:00 Bytesize security: Impersonation tactics fail to fool Darktrace AI (direct link) In this blog, a Darktrace analyst explores common email impersonation techniques seen by the SOC team and explains how DETECT/Email is able to identify them.
Darktrace 2022-10-19 00:00:00 Growing your onion: AutoIt malware in the Darktrace kill chain (direct link) AutoIt is a scripting language designed for general purpose development. However, like many freeware languages, it has been exploited for malicious intent. Recently Darktrace captured the whole kill-chain of an AutoIt malware compromise, from delivery via email to payload download and subsequent C2. Malware
Darktrace 2022-10-12 00:00:00 Filtering out digital toxins: Why the American Kidney Fund chose Darktrace RESPOND (direct link) AutoIt is a scripting language designed for general purpose development. However, like many freeware languages, it has been exploited for malicious intent. Recently Darktrace captured the whole kill-chain of an AutoIt malware compromise, from delivery via email to payload download and subsequent C2.
Darktrace 2022-10-10 00:00:00 Piloting Airline Cyber Security with AI (direct link) The airline industry has long operated with thin profit margins and high security and safety standards. With cyber threats threatening downtime that many of these organizations cannot afford, Darktrace's Tony Jarvis suggests that they turn to preventative AI-driven technologies which can harden defenses before attackers make the first move.
Darktrace 2022-09-28 00:00:00 High-profile hacks emphasize the threat of social engineering (direct link) The current threat landscape is rife with social engineering attempts across email, SMS and digital messaging. Discover why MFA and security awareness alone aren't enough to keep organizations safe from these tactics, and what Self-Learning AI can do to help. Threat
Darktrace 2022-09-21 00:00:00 Modern Extortion: Detecting Data Theft from the Cloud (direct link) Now one of the most popular talking points in the security world, the ransom industry continues to see growth. First ransomware, then double extortion and now simple data theft have been used to meet threat actors' extortion needs. This blog highlights an example of this in a US customer's SaaS environment. Threat
Darktrace 2022-09-14 00:00:00 A thief in red: Compliance and the RedLine information stealer (direct link) This blog explores Darktrace's detection of a BeamWinHTTP and RedLine info stealer compromise caused by continued torrenting and a malicious download within a telecommunication customer's environment.
Darktrace 2022-09-13 00:00:00 Protecting the endpoint with Self-Learning AI: A customer perspective (direct link) The National Farmers' Union (NFU) is the largest farmers' organization in England and Wales. Narinder Bains, NFU's Infrastructure Manager, explains how the organization used Self-Learning AI to draw out pre-existing threats in its network, and now protects its employees in offices and at home with Darktrace/Endpoint.
Darktrace 2022-09-12 00:00:00 Security check-up: How Cullman Regional Medical Center uses Darktrace to secure its patient data (direct link) Discover how Cullman Regional Medical Center secures its invaluable services and avoids potentially life-threatening cyber-attacks with Darktrace's Self-Learning AI and the Cyber AI Analyst.
Darktrace 2022-09-05 00:00:00 From BumbleBee to Cobalt Strike: Steps of a BumbleBee intrusion (direct link) In April 2022, Darktrace observed threat actors using the loader known as 'BumbleBee' to install Cobalt Strike Beacon onto target systems. This blog provides details of the steps threat actors took during their intrusions, along with details of the network-based behaviours which served as evidence of their activities. Threat
Darktrace 2022-09-05 00:00:00 The cyber security shortages holding back Africa and the Global South (direct link) Many emerging markets in the Global South suffer from ineffective cyber legislation and crippling skill shortages. For the organizations in these countries to remain attractive to investors, they will need to adopt tools which will secure them against new and sophisticated threats. Discover what steps are already being taken, and what organizations should be looking to do next.
Darktrace 2022-08-25 00:00:00 Detecting the Unknown: Revealing Uncategorized Ransomware Using Darktrace (direct link) At the top of every CISO's mind sits the fear of the unknown threat. As security tools continue to improve, so do attackers. This blog explores a BlackByte ransomware incident detected by Darktrace SOC in the Summer of 2021. At the point of discovery this ransom had yet to be categorized on popular OSINT. Ransomware
Darktrace 2022-08-23 00:00:00 Emotet Resurgence: Cross-Industry Campaign Analysis (direct link) This blog aims to provide background and technical discoveries from the recent Emotet resurgence detected in early 2022 across multiple Darktrace client environments in multiple regions and industries. Predominantly in March and April 2022, Darktrace DETECT provided visibility over network activities associated with Emotet compromises using initial staged payload downloads involving algorithmically generated DLLs and subsequent outbound command and control, as well as spam activities. Spam ★★★★
Darktrace 2022-08-16 00:00:00 A New Home Front: The Part We All Play in a Modern Cyber War (direct link) Full-scale cyber warfare is becoming an increasingly pressing reality, and it isn't just national governments and militaries that are involved. Learn how unofficial 'IT armies' and private sector organizations are contributing to modern cyber wars, and what steps businesses can take to help national efforts.
Darktrace 2022-08-11 00:00:00 Bytesize Security: HTML Phishing Attachments (direct link) Learn about the prevalence of HTML attachments in phishing emails, as observed by Darktrace's 24/7 SOC Service.
Darktrace 2022-08-10 00:00:00 Threat Actor Tactics in the Russo-Ukrainian Conflict: Analyst Observations and Predictions (direct link) The escalation of the conflict between Russia and Ukraine has led to fears of a full-scale cyberwar. In this discursive blog, analysts cover the most popular methods of attack in the conflict so far, some of the hacking groups involved, and the observations Darktrace has made in its own customer environments.
Darktrace 2022-08-09 00:00:00 A New Sheriff in Town: Why the City of St. Catharines Turned to Darktrace to Protect its Digital Assets (direct link) Hear from Wayne Racey, Manager of IT Operations for the City of St Catharines, Canada, as he explains how Darktrace DETECT + RESPOND buys back time for his security team and provides them with some much-needed peace of mind.
Darktrace 2022-08-08 00:00:00 Maximizing Security Investments as an SMB (direct link) Making 'the next investment' in your cyber security can be a daunting task for an SMB. Discover how that investment can be maximized with AI.
Darktrace 2022-08-04 00:00:00 Exploring the Dangers of Remote Access Tools (direct link) Making 'the next investment' in your cyber security can be a daunting task for an SMB. Discover how that investment can be maximized with AI.
Darktrace 2022-07-28 00:00:00 N-Day Vulnerabilities: Minimizing the Risk with Self-Learning AI (direct link) Oakley Cox discusses the dangers posed by N-Day exploits, and explains how Darktrace PREVENT can assist security teams hoping to close up vulnerabilities before attacks can be launched against them.
Darktrace 2022-07-27 00:00:00 Using Self-Learning AI to defend against Zero-day and N-day attacks (direct link) N-days are often overlooked by security teams yet often attract just as much attention as their zero-day counterpart. This blog explores both a zero-day and n-day attack on two different customers' SonicWall VPN server and Atlassian Confluence server, respectively, detailing how Darktrace was able to detect and intervene before any irreparable damage occurred.
Last update at: 2024-06-01 20:08:24