Artificial Intelligence | News | Insights | AiThority
[bsfp-cryptocurrency style=”widget-18″ align=”marquee” columns=”6″ coins=”selected” coins-count=”6″ coins-selected=”BTC,ETH,XRP,LTC,EOS,ADA,XLM,NEO,LTC,EOS,XEM,DASH,USDT,BNB,QTUM,XVG,ONT,ZEC,STEEM” currency=”USD” title=”Cryptocurrency Widget” show_title=”0″ icon=”” scheme=”light” bs-show-desktop=”1″ bs-show-tablet=”1″ bs-show-phone=”1″ custom-css-class=”” custom-id=”” css=”.vc_custom_1523079266073{margin-bottom: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”]

Darktrace AI Stops Sophisticated Ransomware Attack At South African Financial Services Provider

Attackers Caught Using Email Credentials of C-Level Executives

Darktrace, a global leader in cyber security AI, announced that its Autonomous Response technology, Antigena, successfully stopped an in-progress ransomware attack that recently targeted a financial services company in South Africa.

The company, a growing firm providing various financial services to customers across South Africa, was trialing Darktrace AI when it was targeted by a ransomware attack. The AI technology had formed a unique understanding of the company’s ‘normal’ behavior across its digital estate so it could spot the subtle signs of a threat and fight back at machine speed.

Recommended AI News: UpGrad KnowledgeHut Unveils Industry-first Data Science Bootcamp

In the early morning hours in mid-March 2022, Darktrace AI detected that a mail server within the company was making unusual HTTP connections to an external endpoint, indicating communication with a malicious server on the internet. Equipped with an understanding of the organization’s ‘normal’ operations, the AI instantly identified that this behavior was abnormal and potentially threatening.

Related Posts
1 of 41,083

The compromised mail server subsequently attempted to perform reconnaissance and lateral movement. Attackers were using 11 employees’ credentials during the incident, including those belonging to C-level executives. Following this, additional machines in the organization began communicating with the malicious external server.

Recommended AI News: Red Hat Adds Common Criteria Certification for Red Hat Enterprise Linux 8

Darktrace’s Autonomous Response technology then took action to interrupt further communication with the malicious server on the internet across the organization, while allowing the previously learned, regular behavior of machines to continue. The response was targeted and proportionate, avoiding disruption to normal business operations. After the attack was contained, the company’s security team and dedicated Darktrace experts were able to conduct a full investigation to ensure that the attack was fully contained.

“The speed and scale of ransomware attacks today makes it absolutely critical that organizations are armed with technology capable of interrupting in-progress, sophisticated attacks without relying on humans to take the sledgehammer out and interrupt wider business operations in the incident response process,” commented Max Heinemeyer, VP of Cyber Innovation, Darktrace. “It is inevitable that attackers will strike, often out-of-hours, and stories like these elucidate the power of handing over the keys to AI as the first responder to maintain business as usual while freeing up human teams to focus on high-level work like strategy and cyber hygiene.”

Recommended AI News: Moloco Names Dharti Patel as Chief Accounting Officer

[To share your insights with us, please write to sghosh@martechseries.com]

Comments are closed.