CAMBRIDGE, UNITED KINGDOM, March 23, 2022 /PRNewswire/ — Darktrace, a global leader in AI for cybersecurity, today announced that a global financial services provider recently detected and stopped an attacker attempting to exploit a vulnerability in Log4j to deploy malicious code throughout the organization.
The company, which holds total assets of more than $5 billion and operates on multiple continents, uses Darktrace’s self-learning AI to detect and respond to cyber threats at machine speed across the entire digital realm. By constantly evolving its understanding of “normal” business operations, AI is able to spot subtle signs of emerging threats and autonomously disrupt attacks in progress.
In early March, Darktrace AI detected that the company’s Virtual Desktop Infrastructure (VDI) server was behaving unusually, downloading a shell script from a suspicious external endpoint. The attacker had exploited a Log4j vulnerability for initial access and was attempting to use the server to perform network reconnaissance and lateral movement.
The attack prompted the organization to activate Darktrace’s autonomous response technology, Antigena, which was able to contain the threat within seconds without interrupting normal business activity on the VDI server. The company has now set Antigena to a constant “active mode”, whereby the AI can act independently and intelligently to interrupt emerging attacks.
Without the intervention of Darktrace AI, the attacker would have expanded their presence within the organization and could have deployed ransomware or exfiltrated sensitive data.
“High-impact vulnerabilities like Log4j allow cyber attackers to compromise systems with little effort, and reacting quickly is absolutely crucial,” said Max Heinemeyer, Vice President of Cyber Innovation at Darktrace. “Without full organizational visibility and machine-speed response using powerful technology like AI, security teams would be fighting a losing battle against these sophisticated attacks. In this case, AI contained the attack in no time – ensuring that the company has not suffered any financial or reputational damage.”
Darktrace (DARK:L), a global leader in cybersecurity AI, provides world-class technology that protects over 6,500 customers worldwide against advanced threats, including ransomware, cloud and SaaS attacks. Darktrace’s fundamentally different approach applies self-learning AI to enable machines to understand the business in order to defend it autonomously. Based in Cambridge, United Kingdom, the company has more than 1,700 employees and more than 30 offices worldwide. Darktrace was named one of TIME magazine’s “Most Influential Companies” for 2021.