Archive for Darktrace

Darktrace Recognized By Fast Company

Posted in Commentary with tags on March 15, 2022 by itnerd

Darktrace, a global leader in cyber security AI, today announced that it has been named one of the Most Innovative Companies in Artificial Intelligence of 2022 by Fast Company. The editors recognized Darktrace as one of the top 10 companies innovating in the AI sector.

Since 2008, Fast Company’s Most Innovative Companies has been the definitive source for recognizing organizations transforming industries and shaping society. According to Fast Company, Darktrace was recognized for its Self-Learning AI that can defend against cyber-attacks “by forming an understanding of an organization’s machines, processes, and people—and then springing into action when it detects signs of abnormality.” Fast Company highlighted the efficacy of Darktrace’s Enterprise Immune System, noting that Darktrace reported none of its customers were ensnared when the ransomware gang REvil exploited a flaw in Kaseya in 2021.

Fast Company also underlined the value of the breadth of Darktrace’s coverage areas from email systems to operational technologies (OT). Finally, the publication highlighted Darktrace furthering its innovation in AI-based cyber defenses by expanding its key partnership with Microsoft and doubling its R&D team at the Cyber AI Research Centre in Cambridge, UK.

Darktrace, a global leader in cyber security AI, delivers world-class technology that protects over 6,500 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. Darktrace’s fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the company has more than 1,700 employees and over 30 offices worldwide. Darktrace was also named one of TIME magazine’s ‘Most Influential Companies’ for 2021.

A Significant Gap In Cyber Incident Response Is Communication

Posted in Commentary with tags on March 14, 2022 by itnerd

Effectively communicating during a cyber breach is crucial for companies to beat any misinformation. Organizations often fail to disclose details of a cyber breach because they don’t know what happened or don’t have the tools to fight cyberattacks. While legislation like this forces companies to report such incidents, it’s pretty clear that companies need to do more on the communication front. David Masson of Darktrace agrees:

Organizations can be slow or hesitant in getting their message out after experiencing a cyber incident, and this can sometimes give an impression of reluctance to say anything at all, which sows seeds of doubt. In this world of communication immediacy, businesses should have disclosure as part of their cyber response plans and be ready to discuss the incident as soon and as openly as possible in the public domain. Strong and confident communications that promptly offer clear and accurate information will help avoid mistakes or other narratives becoming the truth and instead drive home reassurance about what has happened, how the organization is remedying the situation and the fact that the business is in charge of its future. A failure to disclose or disclose appropriately won’t actually stop eventual disclosure, but it won’t be on your terms, and you won’t have control of the message.

That’s helpful advice and something that businesses should build into their plans for dealing with a cyber incident, on top of having the proper defences in place to keep a cyber incident from happening.

Darktrace Extends Autonomous Response To Enforce Normal Behavior On Endpoints

Posted in Commentary with tags on January 27, 2022 by itnerd

Darktrace today announced that its Autonomous Response technology now takes action on the endpoint – rounding out the Darktrace Antigena product family, which already includes coverage for SaaS applications, cloud, email, network, and Operational Technology (OT).

Endpoints have moved farther outside traditional infrastructure and have started housing even more sensitive data. As a result, CISOs and security professionals have been left grappling with the complexities of protecting their organizations and dynamic workers in the wake of flexible work arrangements and the dawn of the ‘Great Resignation’.

A novel approach to this challenge could be to augment security teams with AI that learns on the job how this flexible, dynamic workforce is working. Irregularity of endpoint activity can be continuously re-evaluated, and subtle, indiscernible actions can be taken that allow productive work to continue while stopping only threatening activity.

Antigena Endpoint does just that. It detects anomalous activity and intelligently makes micro-decisions based on unusual activity, such as out-of-the-ordinary initial file downloads and data exfiltration attempts, command and control traffic or lateral movement that might represent a cyber-threat. It uses various techniques to interrupt attacks on Mac, Windows, and Linux devices, including data leaks, ransomware and insider threats.

Contextual awareness gained from other parts of the digital estate is also beneficial in stopping endpoint attacks. For example, in the case of Antigena Email and Antigena Endpoint deployed together, the precision of response is enhanced by the more nuanced understanding of new and expected senders across all endpoint and email activity. A brand-new sender soliciting an employee into making a bank transaction on its own might warrant action. But, with the added information that the website has no prior relevancy to the organization, the increased context would solidify the case and alter the system’s response.

Darktrace, a global leader in cyber security AI, delivers world-class technology that protects over 6,500 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. Darktrace’s fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the company has 1,700 employees and over 30 offices worldwide. Darktrace was named one of TIME magazine’s ‘Most Influential Companies’ for 2021.

Guest Post: The Future of Cyber Security: Software supply chain attacks become a given in 2022

Posted in Commentary with tags on January 14, 2022 by itnerd

By Justin Fier, Director of Cyber Intelligence & Analytics, Darktrace

In 2020, the financial services sector was the industry that experienced the most cyber-attacks. For years, attackers targeted these organizations because they were expectedly lucrative targets. 

But in 2021, the financial services sector was no longer the most targeted. Instead, the IT and communications sector, including telecommunications providers, software developers, managed security service providers, and others faced the most attempted cyber-attacks.

This shift in priority target is not surprising for industry experts given the numerous high-profile software supply chain attacks in 2021, including those on SolarWinds, Kaseya, and GitLab. Bad actors increasingly see software and developer infrastructure, platforms, and providers as entry vectors into governments, corporations, and critical infrastructure.

Darktrace’s researchers observed that its artificial intelligence (AI) autonomously interrupted around 150,000 threats each week against the sector in 2021. These research findings are developed based on Darktrace data generated by ‘early indicator analysis’ that looks at the breadcrumbs of potential cyber-attacks at several stages before attributing them to any actor and before they escalate into a full-blown crisis.

From this analysis, Darktrace predicts that, in 2022, we will see threat actors embed malicious software throughout the software supply chain, including proprietary source code, developer repositories, open-source libraries, and more. We will likely see further supply chain attacks against software platforms and additional publicized vulnerabilities.

Explaining the shift

This increase in attacks on this sector is likely because more companies rely on third-party trusted suppliers to handle their data while it’s in motion and at rest. This cyber-attack vector has proven substantially profitable for attackers who focused their efforts on related organizations to get to a target’s crown jewels. This shift means that small- and medium-sized companies are now more likely to experience an attack, even if they are not the end target. 

Most recently, the uncovered vulnerability ‘Log4Shell’ embedded in a widely used software library left billions of devices exposed and prompted the Cybersecurity and Infrastructure Security Agency to provide formal guidance.

Unfortunately, many of these libraries are only updated and supported by volunteers, making it easy for vulnerabilities and intentional corruptions to slip through. DevSecOps will be a significant discussion point in 2022 as organizations begin to understand the importance of baking security into applications much earlier in the development process. Risks presented by the dependence on open source will put dev teams front and center. 

Email phishing persists as a reliable method for attackers

Despite this relevant shift in targets, Darktrace found that the most widely used attack method on the IT sector continues to be phishing. Darktrace found that organizations in the industry faced an average of 600 unique email phishing campaigns a month in 2021. These campaigns also matured in sophistication, as most no longer contain a malicious link or attachment as in the typical ill-intended email. 

In 2022, attackers will continue to advance their email attacks to hijack the communications chain more directly. We will see attackers hijack trusted supplier accounts to send spear-phishing emails from genuine, trusted accounts, as we saw in the November 2021 FBI account takeover.

Top cyber-criminals will use ‘clean’ emails containing normal text, with messages carefully crafted to impersonate a trusted third party to induce recipients to reply and reveal sensitive information. 

Facing the increase in attacks head-on

As the global software supply chain becomes increasingly interconnected, governments, corporations, and critical infrastructure organizations are all at risk of breach not only through their software and communications suppliers but via any security flaw in the extensive global software supply chain. 

In the face of this cyber threat, organizations must focus on not only their own cyber resilience but also ensure they can hold their trusted suppliers accountable to best cyber practices. There is no magic solution to finding attacks embedded in your software suppliers, so the real challenge for organizations will be to operate while accepting this risk. This year, like 2021, it is increasingly unrealistic for these companies to hope to avoid breaches via their supply chains. Instead, they must have the ability to detect the presence of attackers after a breach and stop this malicious activity in the early stages. 

If attackers can embed themselves at the beginning of the development process, organizations will have to detect and stop the attacker after they have gotten through. This problem calls for cyber defense technology that can spot vulnerabilities as threat actors exploit them. 

This threat reinforces the need for security to be integrated earlier in the development process and the importance of quickly containing attacks to prevent business disruption. Since these are multi-stage attacks, organizations can use AI at every step to contain and remediate the threat.

Holiday Season Sees 30% More Attempted Ransomware Attacks Says Darktrace

Posted in Commentary with tags on December 2, 2021 by itnerd

Darktrace, a global leader in cyber security AI, today reported that its security researchers discovered a 30% increase in the average number of attempted ransomware attacks globally over the holiday season in every consecutive year from 2018 to 2020 compared to the monthly average.

The researchers also observed a 70% average increase in attempted ransomware attacks in November and December compared to January and February. Following a record number of ransomware attacks this year, the company expects the spike to be higher over the 2021 holiday period.

During the nascent 2021 holiday season, Darktrace’s AI detected and autonomously stopped an in-progress, early-stage ransomware attack on a U.S. city before any data exfiltration or encryption could occur. The city’s security team had the foresight to deploy an AI solution to combat multi-stage ransomware attacks, enabling them to stop the attackers at the earliest stage. 

Ransomware is often falsely considered an encryption problem. This misconception masks and undermines attackers’ determination and creativity to initially break into and then move around within an organisation’s digital environment first to discover, then steal and encrypt data. The break-in is often through email, but that quickly evolves to targeting servers where the data lives. Therefore, a combination of email and network security is crucial to stop these attacks. 

Powered by Self-Learning AI, Darktrace technology develops an understanding of normal business operations for each organisation. It autonomously interrupts in-progress attacks at every stage from the initial entry with sophisticated spearphishing emails to brute-forced remote desktop protocol (RDP), command-and-control, and lateral movement, all without business disruption. 

Darktrace, a global leader in cyber security AI, delivers world-class technology that protects almost 6,000 customers worldwide from advanced threats, including ransomware, and cloud and SaaS attacks. The company’s fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the company has 1,600 employees and over 30 offices worldwide. Darktrace was named one of TIME magazine’s ‘Most Influential Companies’ for 2021.

Darktrace Self-Learning AI Defends Organizations Across All 16 CISA Critical Infrastructure Sectors 

Posted in Commentary with tags on October 15, 2021 by itnerd

Darktrace today announced that its Self-Learning AI is defending organizations across all 16 critical infrastructure sectors designated by the Cybersecurity and Infrastructure Security Agency (CISA).

Within CISA, the Office of Infrastructure Protection leads efforts to manage risks to critical infrastructure, deeming them “essential to the economy, security, and sustainment of the American way of life.” Self-Learning AI has proved crucial in this mission. It augments human teams and takes autonomous action to detect and respond to threats against the country’s most sensitive systems and critical data—at the earliest stages of an attack.

Self-Learning AI works by constantly evolving its understanding of both IT and operational technologies, allowing it to identify the subtle, emerging signs of a cyber-threat and take targeted action to interrupt encroaching attacks. These real-time alerts enable critical infrastructure organizations to continue business operations without disruption. 

The technology also allows defenders of critical infrastructure to achieve the Biden Administration’s goals outlined in the National Security Memorandum on Protecting Critical Infrastructure Control Systems — namely threat visibility, indications, detections, warnings, and facilitating response.

Darktrace Self-Learning AI has successfully fought back against insider threats, supply chain attacks, zero-day exploits, APTs as well as state-sponsored attacks across U.S. critical infrastructure industries. 

In May 2021, hackers hit Colonial Pipeline with ransomware, forcing the company to halt the pipeline’s total operations to contain the attack. In the same month, Darktrace AI detected, investigated, and contained a double extortion ransomware attack on a water and wastewater organization in North America. Unlike in the case of Colonial Pipeline, the attack was interrupted before hackers could demand any ransom payment or disrupt business operations. Darktrace catches ransomware and other security threats similar to this every day across all 16 sectors.

Darktrace AI Neutralizes IoT Attack That Threatened to Disrupt the Tokyo Olympics

Posted in Commentary with tags on September 20, 2021 by itnerd

I’ve posted a lot of bad news about companies and a variety of organizations getting pwned by hackers. But here’s a good news story for you.

As you know, one of the greatest issues in security is how to deal with high-stress scenarios when there is a significant breach – especially when it comes to a global sporting event attracting an audience in the millions. 

Threat actors often exploit the pressure of these events to cause disruption or extract hefty sums. Sporting occasions, especially Formula 1 races, the Super Bowl, and the Olympics, attract a huge deal of criminal interest.

Darktrace recently discovered a threat when a Raspberry Pi device was covertly implanted into a national sporting body directly involved in the Olympics, in an attempt to exfiltrate sensitive data. The events took place one week before the start of the Games, and a data breach at this time would have had significant ramifications for the reputation of the organization, the confidentiality of their plans, and potentially the safety of their athletes.    

Darktrace AI recognized this activity as malicious given its evolving understanding of ‘self’ for the organization, and Antigena – Darktrace’s autonomous response capability – took action at machine speed to interrupt the threat, affording the human security team the critical time they needed to catch up and neutralize the attack.  

If you’re interested, Darktrace has a blog post on how AI neutralized an IoT attack that threatened to disrupt the Tokyo Olympics. It’s a pretty interesting read.

US Goes After China For Hacking… China Hits Back

Posted in Commentary with tags on July 21, 2021 by itnerd

The US has taken the unusual step of taking a shot at China over the hacking of Microsoft. This March, Microsoft reported that at least 30,000 customers were affected by a hack that allowed outsiders to access the firm’s email and calendar service through a software loophole previously unknown to the company. Volexity, the cybersecurity firm that first discovered the Exchange breach, and Microsoft concluded the attacks originated from China and appeared to be state-sponsored.

This has now led to the U.S. Justice Department charging four Chinese citizens from China’s secretive ministry of state security who are alleged to have hacked into the computer networks of dozens of companies, universities and government entities. China denies this:

“The U.S. ganged up with its allies and launched an unwarranted accusation against China on cybersecurity,” Chinese Foreign Ministry spokesman Zhao Lijian said Tuesday at a regular press briefing in Beijing. “It is purely a smear and suppression out of political motives. China will never accept this.”

But this is likely the beginning according to Director of Enterprise Security at Darktrace, David Masson:

“We have entered a new era of cyber-threat – attacks are increasing in speed, sophistication, and scale with malicious software like ransomware being able to encrypt an organization’s entire digital infrastructure in seconds. Even more alarmingly, geopolitical tensions are being played out in cyber battles with organizations getting caught in the crossfire.

Although it is difficult to attribute these attacks to any single nation-state, our government should take every opportunity to pressure cyber-criminals and grow international condemnation in the hopes of resetting the current state of unchecked nation and non-nation state cyber-aggression targeting countries globally. This lack of a unified strong and significant international response only further emboldens nation-state driven or sponsored cyber-attacks against the private sector and government institutions.

Canada can lead the way in putting every nation state and cybercriminal group, whether state-sponsored, supported, or simply sheltered, on notice that cyber-attacks will not only be taken extremely seriously, but that there could be a high cost where those responsible are held accountable through all levers of national power.

The priority must be protecting Canadian businesses and institutions from cyber-attacks that pose a threat to both economic and national security.”

Hopefully Canadian businesses, if not all businesses, take heed of this warning.

Darktrace Reports Rapid Growth in Canada

Posted in Commentary with tags on June 23, 2021 by itnerd

Darktrace, a leading autonomous cyber security AI company, today reported that its Canadian customer base has grown substantially over the last year, as organizations across the country seek to protect themselves from increasingly sophisticated cyber-attacks. Significant customer wins in Canada include global retailer Herschel Supply Co., leading Quebec-based brokerage firm Lussier Dale Parizeau (LDP), the City of Sudbury, non-profit United Way of Calgary and Area, and Canucks Sports & Entertainment. 

Powered by self-learning Cyber AI, the Darktrace Immune System works by learning the normal ‘pattern of life’ of an organization and can interrupt in-progress attacks across increasingly complex digital infrastructures, including the cloud, email and home office environments. Organizations across the region have not only embraced AI to understand where threatening activity is happening, but also now trust the technology to stop attacks from evolving within a matter of seconds, before security teams are even at their desks.  

Darktrace is a leading autonomous cyber security AI company and the creator of Autonomous Response technology. It provides comprehensive, enterprise-wide cyber defense to over 4,700 organizations in over 100 countries, protecting the cloud, email, IoT, traditional networks, endpoints and industrial systems.

A self-learning technology, Darktrace AI autonomously detects, investigates and responds to advanced cyber-threats, including insider threat, remote working risks, ransomware, data loss and supply chain vulnerabilities. The company has 1,500 employees globally, with headquarters in Cambridge, UK. Every second, Darktrace AI detects a cyber-threat, preventing it from causing damage. 

Ransomware Now Top Use Case For Autonomous Cybersecurity Technology: Darktrace

Posted in Commentary with tags on May 26, 2021 by itnerd

Darktrace today announced that ransomware is the top use case of its market-leading Autonomous Response technology, as organizations face the increased threat of machine-speed attacks. 

As sophisticated ransomware attacks continue to pose an existential risk to organizations in all sectors, Darktrace Antigena allows customers to take proportionate action to thwart all strains of ransomware, both known and unknown, in real time, avoiding costly shutdowns and business disruption. 

Powered by self-learning Cyber AI, Autonomous Response is a world-first technology that rapidly neutralizes a range of novel cyber-attacks by taking highly targeted actions, while allowing normal business operations to continue as usual. Its self-learning technology isolates only the unusual data encryption activity associated with ransomware. 

In addition, Darktrace has also announced that it has extended its Autonomous Response capability to enhance coverage of servers, allowing the AI to fight back against all forms of fast-moving attacks. 

Darktrace is a leading autonomous cyber security AI company and the creator of Autonomous Response technology. It provides comprehensive, enterprise-wide cyber defense to over 4,700 organizations in over 100 countries, protecting the cloud, email, IoT, traditional networks, endpoints and industrial systems. A self-learning technology, Darktrace AI autonomously detects, investigates and responds to advanced cyber-threats, including insider threat, remote working risks, ransomware, data loss and supply chain vulnerabilities. The company has 1,500 employees globally, with headquarters in Cambridge, UK. Every second, Darktrace AI detects a cyber-threat, preventing it from causing damage.