As attackers move from low sophistication, spray-and-pray campaigns to more targeted and sophisticated attacks, email security needs to understand the organization, not past attacks, to be able to keep up with attacker innovation and stop novel attacks on the first time of asking.

Amadey Info-stealer malware was detected across over 30 customers between August and December 2022, spanning various regions and industry verticals. This blog highlights the resurgence of Malware as a Service (MaaS) and the leveraging of existing N-Day vulnerabilities in SmokeLoader campaigns to launch Amadey on customers’ networks. This investigation was part of Darktrace’s continuous Threat Research work in efforts to identify and contextualize threats across the Darktrace fleet, building off of AI insights through collaborative human analysis.

Multi-Factor Authentication (MFA) has been widely adopted as a security measure against common account takeover methods. However, the industry is seeing more and more examples of MFA compromise wherein threat actors exploit the security tool itself to gain account access.

Between June 2021 and June 2022, crypto-currency platforms around the world lost an estimated 44 billion USD to cyber criminals, whose modus operandi range from stealing passwords and account recovery phrases, to cryptojacking and directly targeting crypto-currency transactions.

Compliance breaches can significantly damage a company’s finances and reputation if not properly addressed. However, compliance is often an afterthought for security teams responding to cyber security incidents, with many organizations seeing compliance issues as “rule breaking employees” rather than legitimate threats to their network. See here how Darktrace helps organizations adhere to compliance regulations.

This blog explains the benefits of thinking like an attacker and modeling attack paths in order to understand where you need to invest your defenses.

As the prevalence of Software-as-a-Service (SaaS) and multi-factor authentication (MFA) as a primary vector of attack continues across a variety of organizations and of every size in multiple industries, it is more important now than ever for organizations to utilize every tool at their disposal to mitigate account compromise at the earliest possible stage.

In the latter half of 2022, Darktrace observed a rise in Vidar Stealer infections across its client base. These infections consisted in a predictable series of network behaviors, including usage of certain social media platforms for the retrieval of Command and Control (C2) information and usage of certain URI patterns in C2 communications. In the blog post, we will provide details of the pattern of network activity observed in these Vidar Stealer infections, along with details of Darktrace’s coverage of the activity.

Despite the market value of cryptocurrency itself decreasing in the final quarter of 2022, the number of known cryptocurrency mining software variants had more than trebled compared to the previous year. The intensive resource demands of mining cryptocurrency has exacerbated the trend of malicious hijacking third-party computers causing slower processing speeds and higher energy bills for many companies.

Financial institutions must follow specific IT security compliance standards, which regularly change. One credit union turned to Darktrace to align with its approach to compliance and risk, benefitting from email protection and proactive attack surface management. 

This blog post highlights the recent malvertising campaigns targeting Google searches that deploy info-stealer malware. It covers the attackers' techniques and provides a list of indicators of compromise. Recommendations for the general public are also included to help mitigate the risk of falling victim to such attacks.

In June 2022, Darktrace observed a surge in Qakbot infections across its client base. These infections, despite arising from novel delivery methods, resulted in unusual patterns of network traffic which Darktrace/Network was able to detect and respond to.

The 2022 Qatar World Cup introduced the world’s first ‘connected stadium’ concept whereby all eight stadiums were managed by a single unified technology. Discover why Darktrace was selected to help protect this global tournament from cyber-attacks.

Jack Stockdale, CTO at Darktrace looks back on a year of innovation from Darktrace's AI Research Centre.

As the new year begins, Darktrace customers look forward to tackling industry-specific challenges, using the time Darktrace saves them to launch new projects, and seeing how new tools can further benefit their environments.

All CISOs fear large and targeted attacks. It is during these threats which expect the most of security teams, that real-time alerting is not always enough. In this blog, analysts explore an incident of BlackMatter ransom where alerts were missed but actions from RESPOND could have stopped entirely.

A persistent security question in industry media concerns the insider threat- how do we detect it? This blog shares a case study highlighting how Darktrace is perfectly positioned to complement security teams and DETECT insider attacks.

This blog explores the nuances of AI in cyber security, how to identify true AI, and considerations when integrating AI technology with people, processes, and other technology.

This blog explores the use of Darktrace PREVENT/ASM and Darktrace DETECT/Network as triage tools for security teams and the increased visibility provided when they complement each other. An example and mock scenario from an Australian environmental customer is also highlighted.

This blog walks through five key trends we expect to observe in the cyber threat and cyber defense landscape in the next 12 months.

This blog walks through the key benefits of integrating EDR technologies with Darktrace.

This blog describes the internal and external cyber risks arising from mergers and acquisitions and how you can manage this with continuous AI-powered monitoring that outputs tangible and prioritized mitigation advice.

This blog addresses the issue of alert fatigue and explains how Cyber AI Analyst breaks down billions of individual events, first into anomalous events and then into prioritized security incidents ready for the security team's review.

This blog explores a low-and-slow incident which saw over 300GB of data exfiltrated from a customer network. Whilst this activity was ultimately stopped with the help of Darktrace services, it could have been prevented earlier had RESPOND been in autonomous mode.