Discover effective strategies for disarming the WarmCookie backdoor and securing your systems against this persistent threat.

Part 4: This blog explores the findings from Darktrace’s State of AI Cybersecurity Report on security professionals' understanding of the different types of AI used in security programs. Get the latest insights into the evolving challenges, growing demand for skilled professionals, and the need for integrated security solutions by downloading the full report.

Find out how to safeguard your organization from the Jupyter information stealer with strategies revealed by Darktrace's in-depth investigation.

Cado Security (now a part of Darktrace) found attackers are abusing Cloudflare's WARP service, a free VPN, to launch attacks. WARP traffic often bypasses firewalls due to Cloudflare's trusted status, making it harder to detect. Campaigns like "SSWW" cryptojacking and SSH brute-forcing exploit this trust, highlighting a significant security risk for organizations.

In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted new rules concerning cybersecurity incidents and disclosures. This blog describes the new rules and demonstrates how Darktrace can help organizations achieve compliance with these standards.

Cado Security Labs identified a GuLoader campaign targeting European industrial companies via spearphishing emails with compressed batch files. This malware uses obfuscated PowerShell scripts and shellcode with anti-debugging techniques to establish persistence and inject into legitimate processes, to deliver Remote Access Trojans. GuLoader's ongoing evolution highlights the need for robust security.

Explore Darktrace's innovative methods for detecting NTLM hash theft and safeguarding your organization from cyber threats.

This blog breaks down how Darktrace detected and analyzed Qilin, a Ransomware-as-a-Service group behind recent high-impact attacks. You’ll see how Qilin affiliates customize attacks with flexible encryption, process termination, and double-extortion techniques, as well as why its cross-platform builds in Rust and Golang make it especially evasive. Darktrace highlights three real-world cases where its AI identified likely Qilin activity across customer environments, offering insights into how behavioral detection can spot novel ransomware before disruption occurs. Readers will gain a clear view of Qilin’s toolkit, tactics, and how self-learning defense adapts to these evolving threats.

Darktrace continues to innovate with Microsoft in the shared mission to deliver proactive cyber protection tailored to every organization. Joint customers benefit from two distinct, complementary security approaches – combining large scale threat intelligence with enterprise-native security insights – to address the full range of email threats.

P2Pinfect, a sophisticated Rust-based malware, has evolved from a dormant spreading botnet to actively deploying ransomware and a cryptominer, primarily infecting Redis servers and using a P2P C2. The updated version includes a user-mode rootkit, but its ransomware impact is limited by the low privileges often associated with Redis.

Darktrace/Email detected a phishing attack that had originated from LinkedIn, where the attacker impersonated a well known construction company to conduct a credential harvesting attack on the target. Darktrace’s ActiveAI Security Platform played a critical role in investigating the activity and initiating real-time responses that were outside the physical capability of human security teams.

Vendors are scrambling to compare MTTD metrics laid out in the latest MITRE Engenuity ATT&CK® Evaluations. But this analysis is reductive, ignoring the fact that in cybersecurity, there are far more metrics that matter.

Ensuring trust, battling ransomware, and detecting novel attacks pose critical challenges in network security. This blog explores these challenges and shows how leveraging AI-driven security solutions helps security teams stay informed and effectively safeguard their network.

This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.

With complex digital and physical systems, that are increasingly interconnected, the expanding attack surface calls for a unified security solution. Explore the challenges, risks, and potential solutions for organizations aiming at securing distribution centers from cyber threats.

See how Darktrace empowers organizations to fight back against Medusa ransomware, enhancing their cybersecurity posture with advanced technology.

This blog examines a network compromise that stemmed from the purchase of leaked credentials from the dark web. Credentials purchased from dark web marketplaces allow unauthorized access to internal systems. Such access can be used to exfiltrate data, disrupt operations, or deploy malware.

This blog discusses why companies use third-party data management for efficiency, global access, collaboration, and reliability, while also addressing security risks associated and best practices with third-party data management.

This blog delves into Darktrace’s investigation into the exploitation of the Citrix Bleed vulnerability on the network of a customer in late 2023. Darktrace’s Self-Learning AI ensured the customer was well equipped to track the post-compromise activity and identify affected devices.

Join us to learn about the risks of Microsoft Teams phishing and how to implement effective defenses to protect your organization.