Darktrace Detects Malware Botnet Infection in Leading Financial Services Company

Multiple Compromises Detected and Mitigated by Enterprise Immune System and Synoptek’s Cyber Security Experts

San Francisco, CA
Thursday, June 22, 2017

Darktrace, the leader in Enterprise Immune System technology, and Synoptek, an award-winning Managed IT Services Provider (MSP), have today announced the successful detection and remediation of a large-scale malware infection in a leading financial institution’s network.

Due to the sensitive nature of their data and the stringent regulatory environment within which they operate, financial institutions are consistently targeted by threat actors. In addition, this particular organization lacked a dedicated and robust security team. To meet these challenges, the financial institution deployed Darktrace’s Enterprise Immune System to detect and defend against pernicious cyber-threats. It also turned to a leading MSP, Synoptek, to assist with threat investigation and analysis.

A few weeks after deploying Darktrace’s self-learning technology, the AI algorithms alerted the financial institution to a serious anomaly in its network. Eight VoIP devices were spotted reaching out for new databases which contained the ShellShock vulnerability, a form of malware predominantly associated with DDoS attacks that performs stealthy scans of the network. The unpatched devices were managed by a third-party service provider who failed to maintain the appropriate patch levels.

As a result, the internet-connected phones had been compromised and brought into the fold of a large and sophisticated botnet army. Thanks to the complete visibility into the financial institution’s network enabled by Darktrace’s AI technology, the customer was able to identify more than 60 other devices that were vulnerable to compromise. The Enterprise Immune System uncovered the emerging threat within minutes. Once the attack had been identified and neutralized, the customer was able to rely on Synoptek’s expertise to remediate any impacted devices. Additionally, Synoptek helped the customer craft new security policies that third-party service providers must adhere to when providing services containing IoT devices to the company.

Powered by unsupervised machine learning, the Enterprise Immune System is capable of learning ‘self’ for corporate networks. Darktrace’s AI algorithms uniquely establish a ‘pattern of life’ for every network, device, and user without the use of rules, signatures, or prior assumptions of ‘bad’, thus allowing companies to detect never-seen-before threats. Darktrace’s autonomous response technology, Antigena, completes the platform by taking immediate, precise and proportionate action, buying back time for security teams and their MSPs.

“Financial services organizations remain a top target for sophisticated cyber attacks, but some of these boutique firms often do not have the resources and processes to detect anomalies within their networks,” commented Tim Britt, CEO, Synoptek. “Synoptek and Darktrace, which provides a truly game-changing AI technology, have partnered to provide continuous operational processes that leverage a great technology to improve IT security operations and achieve a more mature cyber security strategy.”

“Across our 2,500 deployments, we spot and stop malicious infections every day,” commented Justin Fier, Director of Cyber Intelligence and Analytics, Darktrace. “Without the company’s use of Darktrace’s AI technology, it would lack even the basic visibility required for identifying this insidious threat, as it was emerging. Our partnership with Synoptek’s invaluable MSP program has allowed for companies that lack a robust security team to efficiently identify and investigate serious in-progress cyber-threats before they can do real damage.”

About Darktrace

Darktrace is the world’s leading machine learning company for cyber security. Created by mathematicians from the University of Cambridge, the Enterprise Immune System uses AI algorithms to automatically detect and take action against cyber-threats within all types of networks, including physical, cloud and virtualized networks, as well as IoT and industrial control systems. A self-configuring platform, Darktrace requires no prior set-up, identifying advanced threats in real time, including zero-days, insiders and stealthy, silent attackers. Headquartered in San Francisco and Cambridge, UK, Darktrace has 24 offices worldwide.

About Synoptek

Synoptek offers IT consulting, managed services, cloud services, and on-premise IT management as well as 24/7 end user support for improving business results. With over 525 employees and more than 2,000 active customers in the United States and abroad, Synoptek provides comprehensive information technology management services and support. Synoptek leverages ITIL service management processes, customer-focused IT architecture, and operational excellence to deliver uninterrupted services demanded by today’s market. Over the past four years, Synoptek has been consistently recognized for thought leadership and growth as confirmed by industry awards and recognition including a #4 Total-Service-Provider by MSPmentor in the World’s Top Managed Service Providers in 2016, CRN’s Elite 150 Managed Service Providers, and recognition on the Talkin’ Cloud Top 100 Cloud Service Providers list for 2014, 2015, and 2016. For more information, visit www.synoptek.com.