Darktrace Blog
Inside the SOC
A series exclusively authored by Darktrace's expert cyber analysts, containing technical deep dives of cyber incidents and the latest threat trends.
Latest Blog Posts
Darktrace: Microsoft UK Partner of the Year 2024
Darktrace continues to innovate with Microsoft in the shared mission to deliver proactive cyber protection tailored to every organization. Joint customers benefit from two distinct, complementary security approaches – combining large scale threat intelligence with enterprise-native security insights – to address the full range of email threats.
From Dormant to Dangerous: P2Pinfect Evolves to Deploy New Ransomware and Cryptominer
P2Pinfect, a sophisticated Rust-based malware, has evolved from a dormant spreading botnet to actively deploying ransomware and a cryptominer, primarily infecting Redis servers and using a P2P C2. The updated version includes a user-mode rootkit, but its ransomware impact is limited by the low privileges often associated with Redis.
Following up on our Conversation: Detecting & Containing a LinkedIn Phishing Attack with Darktrace
Darktrace/Email detected a phishing attack that had originated from LinkedIn, where the attacker impersonated a well-known construction company to conduct a credential harvesting attack on the target. Darktrace’s ActiveAI Security Platform played a critical role in investigating the activity and initiating real-time responses that were outside the physical capability of human security teams.
Let the Dominos Fall! SOC and IR Metrics for ROI
Vendors are scrambling to compare MTTD metrics laid out in the latest MITRE Engenuity ATT&CK® Evaluations. But this analysis is reductive, ignoring the fact that in cybersecurity, there are far more metrics that matter.
Elevating Network Security: Confronting Trust, Ransomware, & Novel Attacks
Ensuring trust, battling ransomware, and detecting novel attacks pose critical challenges in network security. This blog explores these challenges and shows how leveraging AI-driven security solutions helps security teams stay informed and effectively safeguard their network.
Post-Exploitation Activities on PAN-OS Devices: A Network-Based Analysis
This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.
Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows
Cado Security Labs (now part of Darktrace) identified a "Meeten" campaign deploying a cross-platform (macOS/Windows) infostealer called Realst. Threat actors create fake Web3 companies with AI-generated content and social media to trick targets into downloading malicious meeting applications.
Safeguarding Distribution Centers in the Digital Age
With complex digital and physical systems that are increasingly interconnected, the expanding attack surface calls for a unified security solution. Explore the challenges, risks, and potential solutions for organizations aiming to secure distribution centers from cyber threats.
Darktrace Investigation Into Medusa Ransomware
See how Darktrace empowers organizations to fight back against Medusa ransomware, enhancing their cybersecurity posture with advanced technology.
The Price of Admission: Countering Stolen Credentials with Darktrace
This blog examines a network compromise that stemmed from the purchase of leaked credentials from the dark web. Credentials purchased from dark web marketplaces allow unauthorized access to internal systems. Such access can be used to exfiltrate data, disrupt operations, or deploy malware.
Spinning YARN: A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence
Cado Security Labs researchers (now part of Darktrace) encountered a Linux malware campaign, "Spinning YARN," that targets Docker, Apache Hadoop, Redis, and Confluence. This campaign exploits vulnerabilities in these widely used platforms to gain access.
Exploring the Benefits and Risks of Third-Party Data Solutions
Many companies use third-party data management for efficiency, global access, collaboration, and reliability. Find out what those organizations need to know about addressing the security risks and best practices associated with third-party data management.
Stemming the Citrix Bleed Vulnerability with Darktrace’s ActiveAI Security Platform
This blog delves into Darktrace’s investigation into the exploitation of the Citrix Bleed vulnerability on the network of a customer in late 2023. Darktrace’s Self-Learning AI ensured the customer was well equipped to track the post-compromise activity and identify affected devices.
Strategies to Combat Microsoft Teams Phishing Attacks
Join us to learn about the risks of Microsoft Teams phishing and how to implement effective defenses to protect your organization.
Don’t Take the Bait: How Darktrace Keeps Microsoft Teams Phishing Attacks at Bay
In this blog we examine how Darktrace was able to detect and block malicious phishing emails sent via Microsoft Teams that were impersonating an international hotel chain.
Lost in Translation: Darktrace Blocks Non-English Phishing Campaign Concealing Hidden Payloads
This blog explores how Darktrace/Email was able to successfully identify a wave of phishing emails sent from addresses belonging to a major fast-food chain which were leveraged in a coordinated attack. Despite the use of non-English language emails and payloads hidden behind QR codes, Darktrace was able to detect the attack and block the phishing emails in the first instance.
The State of AI in Cybersecurity: The Impact of AI on Cybersecurity Solutions
Part 3: This blog discusses the impact of AI on cybersecurity solutions based on data from Darktrace’s State of AI Cybersecurity Report. Get the latest insights into the evolving challenges faced by organizations, the growing demand for skilled professionals, and the need for integrated security solutions by downloading the full report.
Exploitation of ConnectWise ScreenConnect Vulnerabilities
Uncover the tactics used to exploit ConnectWise vulnerabilities and strategies to protect your systems.
How Empowering End Users can Improve Your Email Security and Decrease the Burden on the SOC
Most email security solutions either assume end-user reporting is of poor quality, so don’t prioritize it, or triage every user-reported email equally without any attempt to improve long-term efficiency. This blog explores how Darktrace aims to improve user reporting from the ground up, reducing the 90% falsely reported phishing and decreasing the load on security teams.
The Rise of Alternative Access in Cloud Attacks
Understand the evolution of cloud-based attacks and the increasing use of alternative methods for initial access in cyber threats.