Cybersecurity firm Darktrace announced that its Autonomous Response technology, Antigena, could successfully stop an in-progress ransomware attack targeting a South African financial services company.
The company, a growing firm providing various financial services to customers across South Africa, was trialing Darktrace AI when it was targeted by a ransomware attack.
The AI technology had formed a unique understanding of the company’s ‘normal’ behavior across its digital estate so it could spot the subtle signs of a threat and fight back at machine speed.
In the early morning hours in mid-March 2022, Darktrace AI detected that a mail server within the company was making unusual HTTP connections to an external endpoint, indicating communication with a malicious server on the internet.
Equipped with an understanding of the organization’s ‘normal’ operations, the AI instantly identified that this behavior was abnormal and potentially threatening.
The compromised mail server subsequently attempted to perform reconnaissance and lateral movement. Attackers were using 11 employees’ credentials during the incident, including those belonging to C-level executives. Following this, additional machines in the organization began communicating with the malicious external server.
Darktrace’s Autonomous Response technology then took action to interrupt further communication with the malicious server on the internet across the organization, while allowing the previously learned, regular behavior of machines to continue.
The response was targeted and proportionate, avoiding disruption to normal business operations. After the attack was contained, the company’s security team and dedicated Darktrace experts were able to conduct a full investigation to ensure that the attack was fully contained.
Max Heinemeyer, VP of Cyber Innovation, Darktrace, shared:“The speed and scale of ransomware attacks today makes it absolutely critical that organizations are armed with technology capable of interrupting in-progress, sophisticated attacks without relying on humans to take the sledgehammer out and interrupt wider business operations in the incident response process”.
Heinemeyer further added:
“It is inevitable that attackers will strike, often out-of-hours, and stories like these elucidate the power of handing over the keys to AI as the first responder to maintain business as usual while freeing up human teams to focus on high-level work like strategy and cyber hygiene.”