lessonskruto.blogg.se

Big game hunter






Max Heinemeyer, Director of Threat Hunting | Wednesday October 2, 2019

In recent years, cyber-criminals have increasingly directed their efforts toward sophisticated, long-haul attacks against major companies - a tactic known as “big game hunting.” Unlike standardized phishing campaigns that aim to deliver malware en masse, big game hunting involves exploiting the particular vulnerabilities of a single, high-value target. Catching such attacks requires AI-powered tools that learn what’s normal for each unique user and device, thereby shining a light on the subtle signs of unusual activity that they introduce. In the threat detailed below, cyber-criminals targeted a major firm with Ryuk ransomware, which Darktrace observed during a trial deployment period. Leveraged very often in the final stage of such tailored attacks, Ryuk encrypts only crucial assets in each targeted environment that the attackers have handpicked. Here’s how this particular incident unfolded, as well as how AI Autonomous Response technology, if in active mode, would have contained the threat in seconds:

Incident overview

Figure 1: Clustering of alerts during intrusion (top right)

Rooted in its evolving understanding of ‘self’ for the targeted firm, Darktrace AI flagged myriad instances of anomalous behavior over the course of the incident - each represented by a dot in the visualization above. The anomalous activity is organized vertically according to how unusual each behavior was in comparison to “normal” for the users and devices involved. The colored dots represent particularly high-confidence detections, which should have prompted immediate investigation by the security team.

The first sign of attack was the highly unusual use of an administrator account not previously seen on the network, suggesting that the attackers had gained access to the account outside the limited scope of the Darktrace trial before moving laterally to the monitored environments. Had Darktrace been deployed across the digital infrastructure, the initial hijacking of the account would have been obvious right away.







