Darktrace Artificial Intelligence Stops Cyberattack at Italian Electronics Distributor
Vulnerability allows attackers to run arbitrary commands, including the ability to delete, modify, and exfiltrate private source code.
February 17, 2022
PRESS RELEASE
CAMBRIDGE, England, Feb. 17, 2022 /PRNewswire/ -- Darktrace, a global leader in cyber security AI, today announced that its Autonomous Response technology, Antigena, successfully took action to stop a cyber-attack exploiting a GitLab vulnerability for the purposes of running crypto-mining malware at a major Italian electronics distributor.
The GitLab vulnerability, which has been well reported, allows attackers to run arbitrary commands, including the ability to delete, modify, and exfiltrate private source code. Research revealed that over 6 months after a patch for the vulnerability was released, over 30,000 publicly accessible GitLab servers remained unpatched and open to exploitation. The attacks have been opportunistic, indiscriminate and automated.
Powered by Self-Learning AI, Darktrace technology develops an understanding of normal business operations for each organization which allows it to spot abnormal activity. From this understanding, Antigena was able to make micro-decisions and autonomously quarantine the infected devices, preventing lateral movement of the suspected cryptojacking threat actor – all without business disruption. With the CISO out of office and not due to return for another two weeks, compounded by having a small security team, without autonomous response technology the attack would have escalated causing disruption that would have impacted the company financially and reputationally. Though the attacker was caught using the GitLab vulnerability to mine cryptocurrency, the exploitation of this vulnerability could have served as the first stage of a more destructive ransomware attack, or resulted in the theft of intellectual property.
Darktrace reports that every minute, of every day, its autonomous response technology stops a threat from escalating and it is capable of taking action in seconds.
About Darktrace
Darktrace (DARK:L), a global leader in cyber security AI, delivers world-class technology that protects over 6,500 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. Darktrace's fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, Darktrace has over 1,700 employees and over 30 offices worldwide. Darktrace was named one of TIME magazine's "Most Influential Companies" for 2021.
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024