Archive for Darktrace

Guest Post: Darktrace Shares Their Cyber Security Predictions For 2019

Posted in Commentary with tags on December 19, 2018 by itnerd

2018 was another blockbuster year for cyber security. The endless stream of data breaches shows no sign of abating. If you sift through this daily churn of attacks, certain trends emerge. The motivation and methods of attackers are evolving, and the cyber security industry is changing with them. Looking to the next twelve months, we expect to see several key issues dominating the cyber landscape.

 

Malicious AI: The bad guys get (a lot) smarter

Artificial Intelligence is disrupting a vast range of industries. Seemingly no aspect of our lives is immune from this new industrial revolution. Unfortunately, this includes the actions of criminals as well. Cyber security has always been about innovation – the smarter hacker finds a way in. But in the past there was a certain level of cost involved. If you wanted to break into a business, and do it properly, it took time and effort. Attackers had to research their targets, find vulnerabilities, develop malware. This was a manual and labour intensive process. It’s why the highest level of cyber-attack has historically been the privilege of nation states – they are the only ones with the resources to perpetrate them.

AI is lowering barriers to entry and empowering start-ups around the world to deliver services at a previously inaccessible scale. Sadly, these benefits can cut both ways. This same power is beginning to be harnessed by the bad guys to allow them to perpetrate advanced cyber-attacks, en masse, at the click of a button. We have seen the first stages of this over the last year- advanced malware that adapts its behaviour to remain undetected. Once we have full blown AI-powered malware in the wild, we will enter the era of a true cyber arms race. As early as next year we might see the first AI vs AI battles playing out across the internet.

 

Attacking Infrastructure: from theft to sabotage

The hacks that make headline news tend to involve staggering amounts of data theft; millions of individuals’ personal details get stolen every week. These kinds of attacks are prolific for a simple reason: profit. Stealing data is attractive because it is easily monetizable. There is, however, a more worrying kind of hack that has historically got less attention, and that is infrastructure sabotage. Rather than stealing data, hackers can turn off the lights, disrupt transport systems, and ultimately threaten our safety.

This is nothing new; over the past few years we have seen several high-profile cyber-attacks that affected manufacturing, energy, and shipping. But these attacks are suddenly on the rise. This year the ports of San Diego and Barcelona were attacked with ransomware – compromising industrial devices can now allow criminals to ransom access to operational systems as well as data. Geo-political tensions are shaping attacks in cyber-space, and nation states are now on high alert to protect critical infrastructure, such as energy grids, from well-fuelled international attackers. As cyber warfare capabilities become increasingly developed, the private sector, and ultimately individuals, will begin to feel the impact of this growing conflict.

 

Influence and interference: online trust in the era of fake news

The people who built the internet were engineers at heart. As a result the cyber-security industry likes to focus on technical challenges such as finding flaws in software code and analysing data to spot attacks. This is essential work, and remains key to our online safety. However, recent events around ‘election hacking’, influence bots, and the systematic spreading of misinformation online has drawn attention to a rather deeper challenge that isn’t really technical at all.

There is a fundamental paradox at the heart of cyber-space. The internet empowers individuals, and bypasses authority. Many of the great social changes that the internet has brought come from its disruption of traditional authority; anyone can post on Youtube, anyone can write a blog, anyone can build an app. Often anonymously. We rightly cherish this direct empowerment, and the privacy and anonymity that comes with it.

The internet is fundamentally not designed for accountability, and this means that those who wish to manipulate and mislead can do it online with relative ease. They can also do it at scale. Technical solutions may have a valuable role to play in addressing these challenges – we can write better algorithms for detecting malicious bots, and screening out fake news. But we may have to accept that the internet’s ability to influence is inexorably tied to its ability to empower. Ultimately, manipulating the public discourse might prove to be a greater cyber-risk than the hacking of our devices. Controlling data may soon become more important than stealing it.

These three trends pull in very different directions. We are going to be facing more technically advanced adversaries than ever before, and at the same time more social, nebulous threats. Our data will continue to be stolen, but also manipulated. Our infrastructure will face attacks from both nation states, and organised crime alike. One thing is clear: the attack landscape is not getting any simpler, nor the attackers less ingenious.

Thankfully, huge strides continue to be made in developing network defences. 2018 saw the mainstreaming of AI for cyber defense, and the growing use of autonomous systems that can automatically combat hacks as they happen. It’s too early to call it, and we certainly can’t rest on our laurels, but it looks more likely than ever that the good guys can ultimately win.

Provided by: Darktrace

 

 

 

Advertisements

New Report From Darktrace Explores AI-Driven Cyber-Attacks

Posted in Commentary with tags on December 16, 2018 by itnerd

With attacks becoming more sophisticated, 2019 is sure to usher in a new trend in cyber-attacks where criminals increasingly leverage AI and machine learning. To explore this, Darktrace has launched a new report authored by Max Heinemeyer, Director of Threat Hunting.

The report is proprietary research into the most sophisticated threats that Darktrace sees ‘in the wild’ across its 7,000 deployments of cyber AI. Max explains how these real attacks are characteristic of what we expect see in AI-driven cyber-attacks of the near future.

To develop an understanding of the enhanced abilities of AI-driven cyber-attacks, the report presents three real case studies of advanced threats:

  1. Malware which moves laterally through the network at machine speed
  2. Attacker communications which mimic trusted parts of a system to blend into the target environment
  3. Data exfiltration which is carefully configured to evade detection through stealth and subtlety

The report is available here and is very much worth reading.

Guest Post: Flying Under the Radar: How Darktrace Detects ‘Low and Slow’ Cyber-Attacks

Posted in Commentary with tags on December 10, 2018 by itnerd

Introduction

The speed of today’s most advanced threats can be devastating. In the few minutes it takes a security analyst to step away from her screen to grab a coffee, ransomware can take down thousands of computers before human teams or traditional tools have the chance to respond.  And while big, fast threats are more likely to grab the headlines, cyber-attacks which do the opposite can be just as dangerous. The latest escalation in the cyber arms race sees attackers choosing stealth over speed and cunning over chaos.

As defenders work to rapidly deploy new security and detection technologies, malware authors have been similarly innovative, working to find a means of evading them. New ‘low and slow’ attacks are able to bypass traditional security tools because each individual action compiling the larger threat is too small to detect. These attacks are designed to operate over a longer period of time – and by minimizing disruption to any data transfer or connectivity levels, they blend into legitimate traffic.

For advanced and well-resourced actors like nation states in search of valuable intellectual property or sensitive political records, subtle and prolonged exposure to the systems they attack is a significant benefit. When it comes to the most sophisticated threats, slow and steady really can win the race.

Nevertheless, detection of low and slow attacks is possible with advanced machine learning techniques. To do so, contextual knowledge is critical; by modeling the subtle and unique ‘patterns of life’ of every user, device, and the network as a whole, AI-powered defenses are, for the first time, winning this battle.

This blog explores how attackers use low and slow techniques during multiple stages of the kill chain to achieve their eventual goal. We examine three real-world case studies, drawn from over 7,000 deployments of the Enterprise Immune System, to demonstrate how cyber AI detects low and slow reconnaissance, data exfiltration, and command-and-control activity.

Low and Slow Reconnaissance

By monitoring the behavioral pattern of devices and users, Darktrace AI is able to learn an evolving profile for expected activity. Armed with this understanding of ‘normal’ for the network, it can then identify significant anomalies indicative of a threat. It does all this without relying on training sets of historical data, enabling the technology to spot threats that other tools miss.

On the network of a European financial services firm, Darktrace discovered a server conducting port scans of various internal computers. This type of network scanning is regularly performed for legitimate testing purposes by administrative devices, but it is also a tactic for attackers to identify vulnerabilities and points of compromise – an early stage of an attack.

Over a duration of 7 days, the server made around 214,000 failed connections to 276 unique devices. However, only a small number of ports were targeted per day. The attack was sequential, but slow over time. Measured in one day, the level of disturbance was minimal enough to evade all rules-based defenses. Nevertheless, by learning ‘self’ across the entire digital business over time, cyber AI can detect even the subtlest deviation from ‘normal’ relative to the individual device, user, or network. Darktrace recognized the longer pattern of network scanning and alerted the customer immediately.

darktrace1a

Advanced search view showing regular connections to closed ports over the scanning period.

Low and Slow Data Exfiltration

At an industrial manufacturing company, a desktop was identified establishing over 2,000 connections to a rare host over a 7-day period. During this time, a total of 9.15GB of data was transferred externally. No single connection transmitted more than a few MB of data – an amount which, if viewed in isolation, would not be cause for concern. However, the destination for these connections was 100% rare for the network and maintained that level of rarity for the entire period of exfiltration. This not only flagged the activity as initially suspicious, but also prevented it from being absorbed into legitimate traffic. Combined with the accumulated volume of data leaving the network, Darktrace AI identified this as significant deviation in the device’s behavior, indicating a threat in progress.

darktrace2

Steady exfiltration of data over a 7-day period

darktrace 3

A series of model breaches (orange circles) occurring throughout the period of steady external data exfiltration (blue line)

Low and Slow Command and Control

Darktrace is extremely successful in finding malware infections before they appear on open-source threat lists, a crucial ability when stopping the most serious, never-before-seen threats. This is achieved in large part by detecting beaconing patterns rather than relying on signatures. Beaconing occurs when a malicious program attempts to establish contact with its online infrastructure. Similar to network scanning, it creates a surge in outgoing connections.

Darktrace was deployed in a corporate network where a device was found making connections at steady intervals to a malicious browser extension. The average rate of connection was 11 connections every 4 hours – a low activity level which could easily have blended into legitimate internet traffic. Having identified the regularity of these connections, Darktrace’s AI assigned a high beaconing score, which indicated that they were likely initiated by an automated process. If we include the fact that the destination was rare, it became clear that this was caused by a malicious background program that was running unbeknownst to the user.

darktrace4

Regular low-level beaconing over a 7-day period.

As cyber security advances, attackers will develop increasingly sophisticated methods to operate under the radar. Traditional cyber security tools which work in binary ways based on historical data – either the upload exceeded a predefined limit or not – cannot keep up. This new era will see AI proven crucial because of its ability to learn a constantly-evolving ‘pattern of life’ for a network over the duration of its deployment. This allows Darktrace AI to effectively locate the disturbances in connectivity levels – no matter how small – that have been caused by malicious or non-compliant activity. Fundamentally, this enables Darktrace to discover in-progress attacks and then autonomously respond, neutralizing them before they become a crisis.

High-profile, fast-moving attacks like NotPetya and WannaCry have encouraged some organizations to focus on preventing certain types of threat, at the expense of others – and hackers are catching on. By leveraging powerful AI, Darktrace empowers customers to prevent not just the fastest-moving attacks, but also the slowest and subtlest.

Darktrace Industrial Defends Energy+

Posted in Commentary with tags on November 15, 2018 by itnerd

Darktrace the world’s leading AI company for cyber defense, has today announced that Energy+ , a leading energy provider in Ontario, Canada, has deployed the Industrial Immune System to defend its physical and digital systems. With Darktrace’s immune system technology working across the organization’s entire digital infrastructure, Energy+ now has the unparalleled ability to defend against the full range of modern threats, no matter where they emerge.

Founded in 1906, Energy+ has a long history of providing reliable energy to citizens and businesses in Cambridge, Ontario, the Township of North Dumfries, and the County of Brant. After realizing the power of cyber AI to defend its corporate systems, Energy+ now runs Darktrace across its entire infrastructure to also safeguard critical industrial control systems.

The Industrial Immune System leverages advanced AI to learn the ‘pattern of life’ of every user, device, and controller. With this evolving understanding, Darktrace Industrial can spot advanced cyber-campaigns, misconfigurations, and latent vulnerabilities that would otherwise go unnoticed and undetected by legacy security tools.

 

Darktrace Partners With EndaceProbe Analytics Platforms To Advance Their Cybersecurity Offering

Posted in Commentary with tags on October 17, 2018 by itnerd

Darktrace and Endace have announced a partnership that combines Darktrace’s cyber AI with Endace’s unparalleled forensic capabilities. This combined solution empowers organizations to discover in-progress attacks anywhere on the digital infrastructure with Darktrace’s AI, and investigate them with industry-leading speed, scale and accuracy using Endace’s packet-level network history.

The EndaceProbe Analytics Platform arms organizations with the ability to record network traffic and conduct in-depth investigations by rapidly searching across petabytes of data for packets of interest. In addition to hosting Darktrace’s Enterprise Immune System on the same hardware platform, organizations can now also host a wide range of security and performance monitoring analytics solutions, including other Endace Fusion Partner offerings, open-source or custom applications.

The world leader in cyber AI, Darktrace’s Enterprise Immune System learns the ‘pattern of life’ for every device and user across the digital infrastructure, and uses this evolving understanding of ‘normal’ to detect and respond to emerging cyber-threats in real time.

The combined solution is available immediately. Contact Endace (sales@endace.com) or Darktrace (info@darktrace.com) for a demo. More information on the partnership and related products can be found at www.endace.com/darktrace.

Darktrace receives Series E funding

Posted in Commentary with tags on September 27, 2018 by itnerd

Darktrace, the world’s leading AI company for cyber defense, has today announced that it has raised $50 million in Series E funding at a valuation of $1.65 billion. The investment is led by Vitruvian Partners with participation from existing investors KKR and 1011 Ventures.

Darktrace continues to define the cyber defense market, with the world’s first autonomous response technology. Darktrace Antigena responds within 2 seconds to the earliest signs of threat and its adoption has increased by 30% in the last quarter. New capabilities include autonomous response for cloud, as well as protection against sophisticated email attack campaigns with the recently launched Antigena v2. Since its last funding, Darktrace has more than doubled its number of deployments and is now finding threats that other tools miss in over 7,000 networks.

The company’s rapidly growing roster of customers includes eight major international airports including London Gatwick Airport and Milan-Bergamo Orio Al Serio International Airport, the world-leading Science Museum Group, as well as a number of global financial institutions such as AIG, AEGON Sony Life Insurance and Ipreo.

Having ushered in a new era for cyber defense, Darktrace has grown its employee headcount by 60% in the last 12 months, now standing at over 750 employees worldwide. Seeking to meet the global demand for its technology, the company has accelerated its global operations, opening eight new offices in the last year including locations in Los Angeles, Mexico City and São Paulo as well as tripling the size of its Asian headquarters in Singapore. This latest round of funding will drive further international expansion and development.

Darktrace is the world’s leading AI company for cyber defense. Created by mathematicians, the Enterprise Immune System uses machine learning and AI algorithms to detect and respond to cyber-threats across diverse digital environments, including cloud and virtualized networks, IoT and industrial control systems. The technology is self-learning and requires no set-up, identifying threats in real time, including zero-days, insiders and stealthy, silent attackers.

Darktrace 2018 Discoveries Report…. A Very Eye Opening Read

Posted in Commentary with tags on September 14, 2018 by itnerd

We’re over half way through 2018 and already we’ve seen major cyber-attacks on everything from banks to provincial infrastructures in Canada. To assess the global threat landscape, today Darktrace – the global leader in AI and machine learning cyber defense – released its 2018 Discoveries Report.

The fact is, cyber-attacks are increasingly moving at machine-speeds, encrypting or compromising machines within seconds. From an internet-connected locker at an amusement park to a third-party cloud environment, points of entry are becoming more abundant. That’s why decision makers and consumers alike need to be aware of the threats out there and how they can combat them.

The report contains case studies on industries such as:

  • Media & Entertainment
  • Financial Services
  • Medical Manufacturing
  • Food manufacturing
  • E-commerce
  • Transportation
  • Technology

I spent a lot of time reading the report and it is very eye opening how these nine real-world threat stories were detected and neutralized by the world-leading technology that Darktrace offers.

You can have a look at the report here.