This blog explores recent findings from Darktrace's Threat Research team on active exploitation campaigns targeting Fortinet appliances. This analysis focuses on the September 2024 exploitation of FortiManager via CVE-2024-47575, alongside related malicious activity observed in June 2024.

In a recent incident, Darktrace uncovered a M365 account takeover attempt targeting a company in the manufacturing industry. The attacker executed a sophisticated phishing attack, gaining access through the organization’s SaaS platform. This allowed the threat actor to create a new inbox rule, potentially setting the stage for future compromises.

More and more security teams are adopting AI-powered cybersecurity solutions, but first-time buyers may not know how to evaluate new vendors and tools. This blog covers questions to consider at each stage of the AI adoption journey to ensure return on investment.

Explore the intricacies of the Triada Trojan and its targeting of communication and banking apps. Learn how to safeguard against this threat.

When a remote user fell victim to a vishing attack, allowing a malicious actor to gain access to a customer network, Darktrace swiftly detected the intrusion and responded effectively. This prompt action prevented any data loss and reinforced trust in Darktrace’s robust security measures.

This blog announces the general availability of Microsoft Azure support for Darktrace / CLOUD, enabling real-time cloud detection and response across dynamic multi-cloud environments. Read more to discover how Darktrace is pioneering AI-led real-time cloud detection and response.

Discover how Darktrace identified a sophisticated business email compromise (BEC) attack to successfully acquire a prospective customer in a trial alongside two other email security vendors. This case demonstrates the clear differentiator of true unsupervised machine learning applied to the right use cases, compared to miscellaneous vendor hype around AI.

Generative AI tools have increased the risk of BEC, and traditional cybersecurity defenses struggle to stay ahead of the growing speed, scale, and sophistication of attacks. Only multilayered, defense-in-depth strategies can counter the AI-powered BEC threat.

Read about thread hijacking and how attackers exploit trusted conversations, compromising network security and user data. Stay informed.

The global cybersecurity skills gap is widening, leaving many organizations vulnerable to increasing cyber threats. This blog explores how CISOs can implement AI strategies to make the most of their existing workforce through automation, consolidation and education.

Read about the methods used to exploit FortiClient EMS and the critical post-exploitation tactics that affect cybersecurity defenses.

This blog gives an overview of the proposed FAA regulations for safeguarding aviation systems and their cyber-physical networks. Read more to discover key points, challenges, and potential solutions for each use case.

In May 2024, a Darktrace customer was affected by KOK08, a ransomware strain commonly used by the Matrix ransomware family. Learn more about the tactics used by this ransomware case, including double extortion, and how Darktrace is able to detect and respond to such threats.

As we enter the era of AI, both the way businesses operate and the landscape that they operate within are changing. To continue to support our customers, we’ve refocused our mission to be the essential cybersecurity platform using AI to proactively defend against novel and known threats.

Cado researchers detected a typosquatting domain mimicking their corporate site, part of a broader campaign targeting tech companies. The malicious domain redirected to the legitimate one, and an accompanying fake X (Twitter) account was created. Cado took swift action, informing staff, blocking emails, and reporting the domain for suspension.

Darktrace observed the rapid exploitation of a critical vulnerability in JetBrains TeamCity (CVE-2024-27198) shortly following its public disclosure. Learn how the need for speedy detection serves to protect against supply chain attacks.

Darktrace prevented a Critical National Infrastructure organization from falling victim to a SharePoint phishing attack originating from one of its trusted suppliers. This blog discusses common perceptions of zero-trust in email security, how AI that uses anomaly-based threat detection embodies core zero-trust principles and the relevance of this approach to securing CNI bodies with complex but interdependent supply chains from Cloud account compromise. 

Explore Darktrace's 2024 Half-Year Threat Report for insights on the latest cyber threats and trends observed in the first half of the year.

Gain insights into safelink smuggling tactics and learn strategies to protect your organization from the dangers posed by malicious links.

As cloud adoption surges, the need for scalable, cloud-native security is paramount. This blog explores whether Cloud Detection and Response (CDR) is merely Network Detection and Response (NDR) tailored for the cloud, highlighting the unique challenges and essential solutions SOC teams require to secure dynamic cloud environments effectively.