Darktrace Blog Posts
Archive

Over the past few months, Darktrace has observed several cases of malicious actors registering an application called ‘PerfectData Software’ during hijackings of Microsoft 365 accounts. In this blog, we will provide details of these account hijackings, along with details of Darktrace’s coverage.
2023
Jun 5, 2023
Apps - Microsoft 365
This blog investigates the relatively new strain of ransomware Hive, which is a ransomware-as-a-service that was first observed in 2021. Darktrace detected several customers infected by Hive ransomware and was able to provide full visibility over the attacks.
2023
May 23, 2023
Network
This blog discusses Darktrace’s detection of a large-scale SaaS compromise and the subsequent phishing attack propagating through a learning institution.
2023
May 19, 2023
Network
Email
An 'air gap' is a security measure meant to reduce cyber risk by ensuring the separation between two systems. However, air-gapped systems have vulnerabilities. Darktrace provides enhanced visibility and resilience for air-gapped systems.
2023
May 11, 2023
OT
Not all ICES is created equal, as that category contains products with a variety of security and integration capabilities. Darktrace/Email uses Self-Learning AI for bespoke, precise protection that integrates across the digital estate.
2023
May 9, 2023
Email
Banking trojans, designed to steal confidential information, are constantly adapting to avoid detection by security tools. Gozi-ISFB is one of these banking trojans that has caused recent concern. Read more about how Darktrace's Self-Learning AI was able to spot these attacks.
2023
Apr 26, 2023
Network
Email
In a crowded market for ICES vendors, those who can offer flexible deployment will remain ahead of the game. This blog explores how vendors can leverage APIs, journaling, cloud and on-premise deployment to provide bespoke in-depth defense for every organization.
2023
Apr 19, 2023
Email
While 94% of all cyber-attacks come through the inbox, their destination is almost never email. Attacks often traverse to other areas, like cloud apps and infrastructure, endpoints, or networks. As a result, although security teams must establish a strong cornerstone of email security, they should also consider how those solutions fit into the wider security posture.
2023
Apr 17, 2023
Email
This blog demonstrates the relationship between Microsoft Defender and Darktrace security solutions. It takes a deep dive into the relationship between Darktrace DETECT, RESPOND, and Microsoft Defender, providing real examples as to how the two are able to integrate with each other and support security teams.
2023
Apr 11, 2023
As the practical users of email, employees should be considered when designing email security. This employee-conscious lens to security can strengthen defenses, improve productivity, and prevent data loss.
2023
Apr 10, 2023
Email
This blog post dissects two phishing attempts from known and unknown correspondents: a payroll diversion scam from an unknown sender, and a malicious Microsoft 365 credential-stealing Box link from a known domain, pretending to be a scanned PDF document sent for review.
2023
Apr 10, 2023
Email
At the end of January 2023, threat actors began to abuse OneNote email attachments to deliver Qakbot onto users' devices. Widespread adoption of this novel delivery method resulted in a surge in Qakbot infections across Darktrace's customer base between the end of January 2023 and the end of February 2023. In this blog, we will provide details of these so-called 'QakNote' infections, along with details of Darktrace's coverage of the steps involved in them.
2023
Apr 5, 2023
Email
Network
This blog outlines the challenges faced by security teams in protecting organizations from email-based attacks. It explores how a modern, AI-based security solution can tackle these pain points with targeted autonomous action, frictionless UIs, optimized workflows and full visibility of account users.
2023
Apr 2, 2023
Email
This blog explains the impact of generative AI on email attacks, and outlines what defenders can do to prepare for more sophisticated and targeted attacker campaigns.
2023
Apr 1, 2023
As attackers move from low sophistication, spray-and-pray campaigns to more targeted and sophisticated attacks, email security needs to understand the organization, not past attacks, to be able to keep up with attacker innovation and stop novel attacks on the first time of asking.
2023
Mar 29, 2023
Email
Amadey Info-stealer malware was detected across over 30 customers between August and December 2022, spanning various regions and industry verticals. This blog highlights the resurgence of Malware as a Service (MaaS) and the leveraging of existing N-Day vulnerabilities in SmokeLoader campaigns to launch Amadey on customers’ networks. This investigation was part of Darktrace’s continuous Threat Research work in efforts to identify and contextualize threats across the Darktrace fleet, building off of AI insights through collaborative human analysis.
2023
Mar 22, 2023
Multi-Factor Authentication (MFA) has been widely adopted as a security measure against common account takeover methods. However, the industry is seeing more and more examples of MFA compromise wherein threat actors exploit the security tool itself to gain account access.
2023
Mar 20, 2023
Between June 2021 and June 2022, crypto-currency platforms around the world lost an estimated 44 billion USD to cyber criminals, whose modus operandi range from stealing passwords and account recovery phrases, to cryptojacking and directly targeting crypto-currency transactions.
2023
Mar 14, 2023
Compliance breaches can significantly damage a company’s finances and reputation if not properly addressed. However, compliance is often an afterthought for security teams responding to cyber security incidents, with many organizations seeing compliance issues as “rule breaking employees” rather than legitimate threats to their network. See here how Darktrace helps organizations adhere to compliance regulations.
2023
Mar 12, 2023
Email
Apps
This blog explains the benefits of thinking like an attacker and modeling attack paths in order to understand where you need to invest your defenses.
2023
Feb 22, 2023
As the prevalence of Software-as-a-Service (SaaS) and multi-factor authentication (MFA) as a primary vector of attack continues across organizations of every size in multiple industries, it is more important now than ever for organizations to utilize every tool at their disposal to mitigate account compromise at the earliest possible stage.
2023
Feb 21, 2023
Email
Apps
In the latter half of 2022, Darktrace observed a rise in Vidar Stealer infections across its client base. These infections consisted of a predictable series of network behaviors, including usage of certain social media platforms for the retrieval of Command and Control (C2) information and usage of certain URI patterns in C2 communications. In this blog post, we will provide details of the pattern of network activity observed in these Vidar Stealer infections, along with details of Darktrace’s coverage of the activity.
2023
Feb 9, 2023
Network
Despite the market value of cryptocurrency itself decreasing in the final quarter of 2022, the number of known cryptocurrency mining software variants had more than trebled compared to the previous year. The intensive resource demands of mining cryptocurrency have exacerbated the trend of malicious hijacking of third-party computers, causing slower processing speeds and higher energy bills for many companies.
2023
Feb 26, 2023
A recent IDC report found that only 34% of companies feel like pentesting and red teaming exercises provide them with actionable insights on where and how to harden their defenses. This blog summarizes the report and explains how Darktrace PREVENT can help organizations proactively harden defenses.
2023
Feb 9, 2023
Attack Surface Management