Darktrace Blog
Hafnium cyber-attack neutralized by AI in December 2020
Max Heinemeyer, Director of Threat Hunting | Friday April 16, 2021
Darktrace AI appears to have detected a Hafnium attack against vulnerable Exchange servers in December 2020, three months before the zero-day was identified. This blog provides an in-depth analysis of the attack, which suggests that Hafnium’s campaign began far earlier than previously thought.
All
Email Security
Cloud & SaaS Security
OT Security
Threat Finds
Autonomous Response
Ransomware
Crypto-Mining
Thought Leadership
Friday April 16, 2021
Hafnium cyber-attack neutralized by AI in December 2020
Thursday April 8, 2021
Crypto-mining malware: Uncovering a cryptocurrency farm in a warehouse
Thursday April 1, 2021
“I’m sorry, we’re closed”: Why most ransomware attacks happen out of hours
Friday March 26, 2021
SANS ICS Security Summit 2021 recap: Industry on the move
Thursday March 25, 2021
Supply chain fraud: Darktrace detects Vendor Email Compromise
Thursday March 18, 2021
Hafnium-inspired cyber-attacks neutralized by AI
Monday March 15, 2021
Botnet malware: Remote Desktop Protocol (RDP) attack
Wednesday March 10, 2021
How extended Amazon VPC traffic mirroring enhances Darktrace’s self-learning cloud security
Wednesday March 3, 2021
How Cyber AI scaled to secure Cradlepoint’s SaaS environments
Thursday February 25, 2021
LockBit ransomware analysis: Rapid detonation using a single compromised credential
Thursday February 18, 2021
Two-factor authentication (2FA) compromised: Microsoft account takeover
Tuesday February 16, 2021
The Florida water plant attack signals a new era of digital warfare — it's time to fight back
Friday February 12, 2021
Industrial IoT: Finding pre-existing threats inside Industrial Control Systems
Wednesday February 10, 2021
Antigena Email Version 5: A matter of time
Tuesday February 2, 2021
Comparing different AI approaches to email security
Wednesday January 27, 2021
AI cloud security with the Darktrace Immune System and Google Packet Mirroring
Monday January 25, 2021
Darktrace Version 5: Redefining enterprise security with autonomous AI
Thursday January 14, 2021
Five predictions for email security in 2021
Thursday January 7, 2021
Dissecting the SolarWinds hack without the use of signatures
Wednesday January 6, 2021
How McLaren Racing stays ahead of advanced email threats
Tuesday December 22, 2020
How AI stopped a WastedLocker intrusion before ransomware deployed
Thursday December 17, 2020
ZeroLogon exploit detected within 24 hours of vulnerability notice
Monday November 30, 2020
Darktrace’s Cyber AI Analyst investigates Sodinokibi (REvil) ransomware
Wednesday November 18, 2020
How will US sanctions on the group behind TRITON protect critical infrastructure?
Thursday November 5, 2020
Writing wrongs: Why Mimecast’s link rewriting gives a false sense of security
Thursday October 22, 2020
AI catches Maze ransomware targeting a healthcare organization
Wednesday October 14, 2020
How Industrial Control Systems can be secure in the cloud
Friday October 9, 2020
How AI detected a hacker hiding in an energy grid within hours of deployment
Monday October 5, 2020
How a Mimecast miss led to a wide scale email compromise
Thursday October 1, 2020
AI email security: Understanding the human behind the keyboard
Thursday September 24, 2020
Darktrace OT threat finds: Detecting an advanced ICS attack targeting an international airport
Tuesday September 22, 2020
Fast and stealthy malware attempts to steal public data from government organization
Thursday September 10, 2020
How AI caught hackers crypto-mining on a biometric access server in an empty office
Monday September 7, 2020
Ransomware-as-a-Service: Eking targets government organization
Thursday August 27, 2020
Darktrace email finds: Rare file type used to evade gateway tools
Wednesday August 26, 2020
Defense in depth: The resurgence of Emotet, as seen in the email and network layers
Wednesday August 19, 2020
Evil Corp intrusions: WastedLocker ransomware detected by Darktrace
Monday August 17, 2020
Darktrace threat finds: Abusing off-the-shelf tools to deploy ransomware
Thursday August 13, 2020
Darktrace email finds: COVID-19 relief spoof
Monday August 10, 2020
Darktrace email finds: Fake ShareFile notification from compromised supplier account
Thursday August 6, 2020
Darktrace OT threat finds: Defending the widening attack surface
Wednesday August 5, 2020
What the Twitter hack reveals about spear phishing – and how to prevent it
Tuesday August 4, 2020
Phishing from the inside: Microsoft 365 account hijack
Thursday July 30, 2020
Darktrace email finds: Two WeTransfer impersonation attacks caught by AI
Tuesday July 28, 2020
LeChiffre ransomware targets US distributor
Friday July 24, 2020
Darktrace email finds: IT impersonation attack
Thursday July 23, 2020
The resurgence of the Ursnif banking trojan
Wednesday July 22, 2020
Darktrace OT threat finds: Industrial sabotage
Monday July 20, 2020
Unusual but benign: How Antigena Email deals with unthreatening emails from a new contact
Thursday July 16, 2020
Darktrace email finds: Microsoft Teams impersonation
Monday July 13, 2020
Darktrace email finds: Chase fraud alert
Thursday July 9, 2020
CCPA: Why it’s important, and how Cyber AI can help
Wednesday July 8, 2020
Speed of weaponization: From vulnerability disclosure to crypto-mining campaign in a week
Tuesday July 7, 2020
Darktrace email finds: Impersonation attack of board member targets Gmail account
Friday July 3, 2020
Darktrace email finds: Siemens impersonation costs an academic institution $60,000
Tuesday June 30, 2020
Mirai malware infects CCTV camera
Thursday June 25, 2020
What the EKANS ransomware attack reveals about the future of OT cyber-attacks
Wednesday June 24, 2020
Darktrace email finds: QuickBooks impersonation phishing attack
Thursday June 11, 2020
The advanced email spoofing attacks of hackers-for-hire group Dark Basin
Monday June 8, 2020
How Darktrace’s AI caught two Microsoft 365 account takeovers
Friday May 22, 2020
Illuminating AWS cloud environments with Darktrace Cyber AI
Wednesday May 20, 2020
The anatomy of a SaaS attack: Two threats caught and investigated by AI
Wednesday May 6, 2020
Old but still dangerous – Dharma ransomware via RDP intrusion
Thursday April 30, 2020
The Domain Game: How email attackers are buying their way into inboxes
Monday April 27, 2020
Leveling up: Augmenting the adversary with AI
Thursday April 23, 2020
Bunim/Murray fights back against phishing attempts with Antigena Email
Wednesday April 15, 2020
How changing online habits have opened the door to a new wave of email attacks
Wednesday April 8, 2020
Four ways cyber-criminals fly under the radar
Thursday April 2, 2020
Catching APT41 exploiting a zero-day vulnerability
Wednesday March 25, 2020
Securing OT in remote working conditions
Thursday March 19, 2020
Five security risks companies face as workers go remote
Thursday March 12, 2020
How Antigena Email caught a fearware attack that bypassed the gateway
Wednesday February 26, 2020
Bridging the cyber skills gap: Cyber AI Analyst for OT
Friday February 21, 2020
Post-mortem of a targeted Sodinokibi ransomware attack
Monday January 27, 2020
Using AI to detect a bitcoin mining campaign leveraging Citrix Netscaler vulnerabilities
Wednesday January 15, 2020
Stopped in its tracks: How Antigena neutralizes zero-day ransomware
Wednesday January 8, 2020
RE:Thinking Email Security
Wednesday December 18, 2019
Doorbuster or doppelganger: How Darktrace detects attacks that deceive via discount
Tuesday December 3, 2019
Stop the clock: How Autonomous Response contains cyber-threats in seconds
Monday November 18, 2019
The best signature move: Detecting ransomware without any signatures at all
Thursday October 31, 2019
Leakproof by law: Previewing the 2020 data protection landscape
Wednesday October 2, 2019
Big game hunting: How Ryuk ransomware takes down its imposing targets
Friday September 6, 2019
Off the hook: How AI catches phishing emails even if we take the bait
Tuesday August 13, 2019
Securing the cities of tomorrow: Three takeaways from Black Hat 2019
Monday August 5, 2019
Back to square one: The Capital One breach proved we must rethink cloud security
Wednesday July 31, 2019
Digitizing the Dark: Cyber-attacks against power grids threaten modernity itself
Wednesday July 10, 2019
Shining a light on Shamoon 3: What cyber AI revealed about the data-wiping malware
Thursday June 20, 2019
The Age of Algorithms: How autonomous response AI is winning the race against time
Monday June 3, 2019
Making the red team wave the white flag with Darktrace AI
Wednesday May 29, 2019
The top 10 cyber hygiene issues that lead to a breach: Part two — The perils of convenience
Wednesday May 15, 2019
The top 10 cyber hygiene issues that lead to a breach: Part one — A perimeter in ruins
Tuesday April 23, 2019
SaaS security: The risks of collaboration in the cloud
Wednesday April 17, 2019
If you build it, they will come: Cyber-criminals are exploiting Latin America’s new digital economy
Tuesday March 26, 2019
Anatomy of an insider breach originating from a contractor's laptop
Thursday March 21, 2019
Thwarting an invisible threat: How AI sniffs out the Ursnif trojan
Tuesday March 12, 2019
A security analyst’s view: Detecting and investigating lateral movement with Darktrace
Friday March 8, 2019
How state-sponsored attackers took colleges to school
Tuesday March 5, 2019
Solving the “VR Goldilocks Problem” in Security Operations
Friday February 15, 2019
Catching Mimikatz’ behavior with anomaly detection
Friday February 8, 2019
AI reveals 2018’s biggest cyber-threats: Part two — to err is human
Monday February 4, 2019
Anatomy of a zero-day trojan caught by our Darktrace appliance
Monday January 28, 2019
AI reveals 2018’s biggest cyber-threats: Part one — the rise of nontraditional IT
Thursday January 10, 2019
Glimpsing inside the trojan horse: An insider analysis of Emotet
Monday December 3, 2018
Flying under the radar: How Darktrace detects ‘low and slow’ cyber-attacks
Thursday November 22, 2018
Here’s how black hats will spend Black Friday
Thursday October 25, 2018
Law and disorder: Firms in the firing line
Thursday October 4, 2018
Troubled waters: Cyber-attacks on San Diego and Barcelona’s ports
Monday August 20, 2018
Healthcare beware: Crypto-mining, malware, and IoT attacks
Monday July 16, 2018
Trusting the cloud: Unencrypted data upload by government body
Friday June 22, 2018
Beyond the hash: How unsupervised machine learning unlocks the true power of JA3
Wednesday May 9, 2018
Ransomware one year after WannaCry: attack vectors still commonly exploited by attackers
Monday April 16, 2018
How profitable is crypto-mining malware?
Wednesday March 7, 2018
How malware abused Sixt.com and Breitling.com for covert Command & Control communication
Tuesday February 13, 2018
Cryptocurrencies and the future of cyber defense
Friday February 2, 2018
Machine vs machine: instant domain fluxing identification with Darktrace
Monday January 22, 2018
The implications of TRITON for the future of ICS security
Friday December 8, 2017
Expediting the investigation of widespread Trojan infections with Darktrace
Monday November 27, 2017
Smuggled Raspberry Pis attempt to steal passwords
Monday October 30, 2017
A new botnet discovered using IoT drawing pads for reflection attacks
Wednesday October 25, 2017
Down the BadRabbit Hole
Thursday October 12, 2017
The ‘Matrix Banker’ Reloaded
Monday October 2, 2017
Resurgence of the Feodo banking Trojan on a government network
Monday September 18, 2017
How a cloud server nearly released IP at a major manufacturing company
Monday July 31, 2017
How Darktrace’s AI detects metamorphic malware
Thursday June 29, 2017
Darktrace’s perspective on the NotPetya attack
Wednesday June 21, 2017
Every rule has an exception: How to detect insider threat without rules
Wednesday May 17, 2017
WannaCry: Darktrace’s response to the global ransomware campaign
Monday May 8, 2017
Defending against ransomware: a live threat scenario
Wednesday April 5, 2017
Trust attacks and the evolution of ransomware
Monday March 6, 2017
The threat is already inside
Monday February 13, 2017
Smile! You're on camera
Monday January 30, 2017
Cyber-threats mean banks are no longer ‘too big to fail’
Monday January 9, 2017
AI will supercharge spear phishing
Friday December 16, 2016
5 cyber security predictions for 2017
Monday December 5, 2016
The Internet of Stranger Things
Friday November 18, 2016
Holiday hacking: Cyber-attacks on Cyber Monday
Friday November 4, 2016
2016: The year of election tampering?
Monday October 24, 2016
6 emerging cyber-threats you didn’t see in the news