| Date (GMT) | Title | Description | Tags | Notes |
|---|---|---|---|---|
| 2022-12-01 00:00:00 | PREVENT Use Cases: Reducing Risk for Mergers, Acquisitions, and Subsidiaries | This blog describes the internal and external cyber risks arising from mergers and acquisitions and how you can manage them with continuous AI-powered monitoring that outputs tangible and prioritized mitigation advice. | | ★★ |
| 2022-11-30 00:00:00 | Cyber AI Analyst: Cutting Through the Noise to Gain the Security Edge | This blog addresses the issue of alert fatigue and explains how Cyber AI Analyst breaks down billions of individual events, first into anomalous events and then into prioritized security incidents ready for the security team's review. | | ★★★ |
| 2022-11-24 00:00:00 | To be Xor Not to Be: How RESPOND could have stopped a surprise DDoS incident | Out-of-hours attacks continue to be a large stress for security teams; with RESPOND, however, companies can stop threats without the need for 24/7 human monitoring. This blog explores a nighttime incident where RESPOND triggered a decisive model breach but was prevented from acting without human input. | | ★★★★ |
| 2022-11-22 00:00:00 | PREVENT Use Cases: Uncovering Misconfigurations | Misconfigurations, whether accidental or malicious, are a growing threat in the face of rapidly expanding digital footprints comprising cloud assets and bespoke OT technology. This blog explains how these are uncovered and remediated with Darktrace PREVENT. | Threat | ★★★★ |
| 2022-11-16 00:00:00 | Early-Adopter Customers Reflect on Darktrace PREVENT | | | |
| 2022-11-14 00:00:00 | PREVENT Use Cases: Getting Ahead of Brand Abuse | Brand abuse involves impersonating an organization's IP to launch an attack or damage its reputation. This blog lays out how this can be pre-empted and prevented with Darktrace. | | |
| 2022-11-09 00:00:00 | The resurgence of the raccoon: Steps of a Raccoon Stealer v2 Infection (Part 2) | Since the release of version 2 of Raccoon Stealer in May 2022, Darktrace's SOC has observed a continuous surge in Raccoon Stealer v2 activity. In this blog, we will outline the typical steps of a Raccoon Stealer v2 infection, paying close attention to the info-stealer's network-based behaviors. | | |
| 2022-11-08 00:00:00 | The last of its kind: Analysis of a Raccoon Stealer v1 infection (Part 1) | In March 2022, Darktrace's 24/7 SOC team observed a fast-paced compromise involving Raccoon Stealer v1. In this blog, we will outline the steps which the Raccoon Stealer v1 sample took to exfiltrate data out of the network. | | |
| 2022-11-07 00:00:00 | Inside the Yanluowang Leak: Organization, Members, and Tactics | YanLuoWang ransomware was first used to attack a handful of US corporations in August 2021. Since then, the group has successfully ransomed organizations across the world, with global software giant Cisco among its victims. This blog post reveals Darktrace analysts' research into the organization's structure and tactics. | Ransomware | |
| 2022-11-04 00:00:00 | New technique to deliver malicious email payloads: Webmail login portal hidden within Google Translate domain | Darktrace has recently detected a trend of threat actors hiding malicious links within Google Translate domains to avoid detection. In one incident, these links were used to harvest the recipients' credentials. | Threat | |
| 2022-11-03 00:00:00 | PREVENT Use Cases: Shining a Light on Shadow IT | | | |
| 2022-10-27 00:00:00 | When speedy attacks aren't enough: Prolonging Quantum Ransomware | Whilst Quantum Ransomware has been characterized by speedy and efficient attacks, Darktrace recently detected a surprising incident where the group used a long dwell time to achieve their goals. This blog explores the effect of this group's change in strategy and DETECT/Network's coverage over the event. | Ransomware | |
| 2022-10-24 00:00:00 | Bytesize security: Impersonation tactics fail to fool Darktrace AI | In this blog, a Darktrace analyst explores common email impersonation techniques seen by the SOC team and explains how DETECT/Email is able to identify them. | | |
| 2022-10-19 00:00:00 | Growing your onion: AutoIt malware in the Darktrace kill chain | AutoIt is a scripting language designed for general purpose development. However, like many freeware languages, it has been exploited for malicious intent. Recently Darktrace captured the whole kill-chain of an AutoIt malware compromise, from delivery via email to payload download and subsequent C2. | Malware | |
| 2022-10-12 00:00:00 | Filtering out digital toxins: Why the American Kidney Fund chose Darktrace RESPOND | | | |
| 2022-10-10 00:00:00 | Piloting Airline Cyber Security with AI | The airline industry has long operated with thin profit margins and high security and safety standards. With cyber threats threatening downtime that many of these organizations cannot afford, Darktrace's Tony Jarvis suggests that they turn to preventative AI-driven technologies which can harden defenses before attackers make the first move. | | |
| 2022-09-28 00:00:00 | High-profile hacks emphasize the threat of social engineering | The current threat landscape is rife with social engineering attempts across email, SMS and digital messaging. Discover why MFA and security awareness alone aren't enough to keep organizations safe from these tactics, and what Self-Learning AI can do to help. | Threat | |
| 2022-09-21 00:00:00 | Modern Extortion: Detecting Data Theft from the Cloud | Now one of the most popular talking points in the security world, the ransom industry continues to see growth. First ransomware, then double extortion and now simple data theft have been used to meet threat actors' extortion needs. This blog highlights an example of this in a US customer's SaaS environment. | Threat | |
| 2022-09-14 00:00:00 | A thief in red: Compliance and the RedLine information stealer | This blog explores Darktrace's detection of a BeamWinHTTP and RedLine info stealer compromise caused by continued torrenting and a malicious download within a telecommunication customer's environment. | | |
| 2022-09-13 00:00:00 | Protecting the endpoint with Self-Learning AI: A customer perspective | The National Farmers' Union (NFU) is the largest farmers' organization in England and Wales. Narinder Bains, NFU's Infrastructure Manager, explains how the organization used Self-Learning AI to draw out pre-existing threats in its network, and now protects its employees in offices and at home with Darktrace/Endpoint. | | |
| 2022-09-12 00:00:00 | Security check-up: How Cullman Regional Medical Center uses Darktrace to secure its patient data | Discover how Cullman Regional Medical Center secures its invaluable services and avoids potentially life-threatening cyber-attacks with Darktrace's Self-Learning AI and the Cyber AI Analyst. | | |
| 2022-09-05 00:00:00 | From BumbleBee to Cobalt Strike: Steps of a BumbleBee intrusion | In April 2022, Darktrace observed threat actors using the loader known as 'BumbleBee' to install Cobalt Strike Beacon onto target systems. This blog provides details of the steps threat actors took during their intrusions, along with details of the network-based behaviours which served as evidence of their activities. | Threat | |
| 2022-09-05 00:00:00 | The cyber security shortages holding back Africa and the Global South | Many emerging markets in the Global South suffer from ineffective cyber legislation and crippling skill shortages. For the organizations in these countries to remain attractive to investors, they will need to adopt tools which will secure them against new and sophisticated threats. Discover what steps are already being taken, and what organizations should be looking to do next. | | |
| 2022-08-25 00:00:00 | Detecting the Unknown: Revealing Uncategorized Ransomware Using Darktrace | At the top of every CISO's mind sits the fear of the unknown threat. As security tools continue to improve, so do attackers. This blog explores a BlackByte ransomware incident detected by Darktrace SOC in the Summer of 2021. At the point of discovery this ransomware had yet to be categorized on popular OSINT. | Ransomware | |
| 2022-08-23 00:00:00 | Emotet Resurgence: Cross-Industry Campaign Analysis | This blog aims to provide background and technical discoveries from the recent Emotet resurgence detected in early 2022 across multiple Darktrace client environments in multiple regions and industries. Predominantly in March and April 2022, Darktrace DETECT provided visibility over network activities associated with Emotet compromises using initial staged payload downloads involving algorithmically generated DLLs and subsequent outbound command and control, as well as spam activities. | Spam | ★★★★ |
| 2022-08-16 00:00:00 | A New Home Front: The Part We All Play in a Modern Cyber War | Full-scale cyber warfare is becoming an increasingly pressing reality, and it isn't just national governments and militaries that are involved. Learn how unofficial 'IT armies' and private sector organizations are contributing to modern cyber wars, and what steps businesses can take to help national efforts. | | |
| 2022-08-11 00:00:00 | Bytesize Security: HTML Phishing Attachments | Learn about the prevalence of HTML attachments in phishing emails, as observed by Darktrace's 24/7 SOC Service. | | |
| 2022-08-10 00:00:00 | Threat Actor Tactics in the Russo-Ukrainian Conflict: Analyst Observations and Predictions | The escalation of the conflict between Russia and Ukraine has led to fears of a full-scale cyberwar. In this discursive blog, analysts cover the most popular methods of attack in the conflict so far, some of the hacking groups involved, and the observations Darktrace has made in its own customer environments. | | |
| 2022-08-09 00:00:00 | A New Sheriff in Town: Why the City of St. Catharines Turned to Darktrace to Protect its Digital Assets | Hear from Wayne Racey, Manager of IT Operations for the City of St Catharines, Canada, as he explains how Darktrace DETECT + RESPOND buys back time for his security team and provides them with some much-needed peace of mind. | | |
| 2022-08-08 00:00:00 | Maximizing Security Investments as an SMB | Making 'the next investment' in your cyber security can be a daunting task for an SMB. Discover how that investment can be maximized with AI. | | |
| 2022-08-04 00:00:00 | Exploring the Dangers of Remote Access Tools | | | |
| 2022-07-28 00:00:00 | N-Day Vulnerabilities: Minimizing the Risk with Self-Learning AI | Oakley Cox discusses the dangers posed by N-Day exploits, and explains how Darktrace PREVENT can assist security teams hoping to close up vulnerabilities before attacks can be launched against them. | | |
| 2022-07-27 00:00:00 | Using Self-Learning AI to defend against Zero-day and N-day attacks | N-days are often overlooked by security teams yet often attract just as much attention as their zero-day counterparts. This blog explores both a zero-day and an n-day attack on two different customers' SonicWall VPN server and Atlassian Confluence server, respectively, detailing how Darktrace was able to detect and intervene before any irreparable damage occurred. | | |
| 2022-07-27 00:00:00 | PrivateLoader: Network-Based Indicators of Compromise | This blog explores the network-based IOCs for PrivateLoader, a modular downloader which is increasingly being used by pay-per-install (PPI) providers to deliver malicious payloads. | | |
| 2022-07-26 00:00:00 | Rudin Management Keeps Life Moving for Tenants with AI | Discover how Rudin Management manages misconfigurations and ensures the security of its buildings and clients in New York City with Darktrace RESPOND. | | |
| 2022-07-01 00:00:00 | Darktrace unveils new brand with McLaren at British Grand Prix | What better way to launch the new Darktrace brand, with its bold logo and design, than in the McLaren Racing command center as the F1 team prepared for the first practice run of the British Grand Prix? | | |
| 2022-06-21 09:00:00 | How cyber criminals are cashing in on crypto | Crypto-mining continues to draw massive profits for cyber attackers, who use malicious botnets like Sysrv to exploit vulnerable organizations. Discover how these botnets work around traditional security tools, and what the upcoming Darktrace Prevent product family can do to harden defenses against them. | | |
| 2022-05-26 09:00:00 | Pulling back the curtain on Grief ransomware | Grief ransomware emerged suddenly last year to cause disruption across a range of industries and municipalities, but the playbook of the gang behind it struck many as familiar. Discover why DoppelPaymer became PayOrGrief, and how Darktrace's AI helped to protect an organization from one of its sophisticated ransomware attacks. | Ransomware | |
| 2022-05-03 09:00:00 | Zak Brown on innovation and cyber security at McLaren | Two leaders in their fields discuss the importance of cyber security. Discover the cyber risks in Formula 1, and what it is that separates McLaren from the rest of the pack. | Guideline | |
| 2022-04-26 09:00:00 | How AI lets Priefert Manufacturing stay productive without sacrificing security | The main Darktrace user at a manufacturing organization explains how Autonomous Response reduces cyber risks arising from human error, and allows the security team to adopt a proactive rather than reactive approach to security. | | |
| 2022-04-13 09:00:00 | How Darktrace's Cyber AI Analyst accelerates reporting incidents to the US federal government | This blog explains how Darktrace helps defenders abide by US federal laws on reporting cyber security incidents, featuring a real-world example of a ransomware attack investigated by Cyber AI Analyst. | Ransomware | |
| 2022-03-30 09:00:00 | The journey towards business-wide autonomous security | This blog describes why the New Jersey State Bar Association adopted Darktrace's Autonomous Response technology across the entire business, how it stopped a sophisticated SaaS attack, and why the IT department now refers to it as another member of the team. | | |
| 2022-03-23 09:00:00 | Autonomous Response stops a runaway Trickbot intrusion | Autonomous Response recently stopped a Trickbot attack on a public administration organization, despite being activated only after the threat had taken root. This blog outlines the reasons for Trickbot's repeated resurrection and explains how Darktrace's Autonomous Response is able to stop each new iteration. | Threat | |
| 2022-03-10 09:00:00 | Why Lighthouse Global uses Self-Learning AI to shine a light on spear phishing attacks | Discover why Lighthouse Global, a technology provider for legal firms and large businesses, relies on Darktrace to protect its email and cloud environment as the organization changes and grows. | | |
| 2022-03-03 09:00:00 | Protecting global stadiums and events with Self-Learning AI | This blog breaks down the challenges of securing high-profile events, including the 'access paradox', increasing IT and OT convergence, and the importance of a fast response, and explains how Self-Learning AI changes the game. | | |
| 2022-02-23 09:00:00 | Adding Cybersprint Attack Surface Management to Darktrace's expanding product suite | Today Darktrace announced the acquisition of best-in-class Attack Surface Management company Cybersprint. Read this blog to learn why this is hugely exciting for both our companies, our customers and the wider security industry. | | |
| 2022-02-14 09:00:00 | Staying ahead of REvil's Ransomware-as-a-Service business model | This blog assesses the impact of the recent arrests associated with cyber-criminal group REvil in the wider context of the Ransomware-as-a-Service business model, exploring a real-world REvil ransomware campaign discovered by Darktrace's AI. | Ransomware | |
| 2022-02-10 09:00:00 | How Conti ransomware took down Operational Technology | This blog demonstrates how ransomware can spread throughout converged IT/OT environments, and how Self-Learning AI empowers organizations to contain these threats. | Ransomware | |
| 2022-02-07 09:00:00 | The future of cyber security: Ransomware groups aim for maximum disruption | This second prediction in our Future of Cyber Security series asserts that 2022 may become one of ransomware's most profitable years yet. Marcus Fowler explains new ransomware attacker tradecraft and what organizations need to do to keep up. | Ransomware | |
| 2022-02-03 09:00:00 | Keep the car running: Why AAA Washington turned to Autonomous Response | This blog explains why AAA Washington's security team chose Darktrace's Self-Learning AI over a traditional SOC, and how they expanded its coverage to endpoints and the cloud. | | |