Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Thursday April 28, 2022
This blog explores the resurgence of Emotet malware through a recent outbound malspam campaign at a wholesale trade organization, and explains how Autonomous Response interrupted the attack.
Shuh Chin Goh and Sam Lister
Thursday April 21, 2022
This blog details the impact of a distributed phishing campaign against a financial services company, and highlights some of Darktrace’s analytical tools which can help security teams investigate similar threats.
Wednesday April 6, 2022
An attacker exploited vulnerabilities in Log4j to install Bughatch, Cobalt Strike Beacon, and NetSupport onto an Internet-facing VMware Exchange server within the network of a Darktrace customer. By inhibiting the attacker’s subsequent attempts to communicate with the compromised server, Antigena Network likely prevented ransomware from being deployed.
Tuesday April 5, 2022
In 2021 Internet-facing systems were some of the most heavily targeted for compromise. This blog explores four of the top zero-day vulnerabilities from the year and highlights how Darktrace was able to detect them.
Hanah Darley, Steve Robinson and Ross Ellis
Monday April 4, 2022
This blog analyzes a campaign-like pattern, detected by Darktrace across multiple customers and industries, in which the Log4j vulnerability was exploited to compromise systems for crypto-mining. It traces the multi-stage attack from initial C2 contact, through payload retrieval, to successful crypto-miner installation.