Darktrace Artificial Intelligence Stops Cyberattack at Italian Electronics Distributor

Vulnerability allows attackers to run arbitrary commands, including the ability to delete, modify, and exfiltrate private source code.

February 17, 2022

2 Min Read

PRESS RELEASE

CAMBRIDGE, England, Feb. 17, 2022 /PRNewswire/ -- Darktrace, a global leader in cyber security AI, today announced that its Autonomous Response technology, Antigena, successfully took action to stop a cyber-attack exploiting a GitLab vulnerability for the purposes of running crypto-mining malware at a major Italian electronics distributor.

The GitLab vulnerability, which has been well reported, allows attackers to run arbitrary commands, including the ability to delete, modify, and exfiltrate private source code. Research revealed that over 6 months after a patch for the vulnerability was released, over 30,000 publicly accessible GitLab servers remained unpatched and open to exploitation. The attacks have been opportunistic, indiscriminate and automated.

Powered by Self-Learning AI, Darktrace technology develops an understanding of normal business operations for each organization which allows it to spot abnormal activity. From this understanding, Antigena was able to make micro-decisions and autonomously quarantine the infected devices, preventing lateral movement of the suspected cryptojacking threat actor – all without business disruption. With the CISO out of office and not due to return for another two weeks, compounded by having a small security team, without autonomous response technology the attack would have escalated causing disruption that would have impacted the company financially and reputationally. Though the attacker was caught using the GitLab vulnerability to mine cryptocurrency, the exploitation of this vulnerability could have served as the first stage of a more destructive ransomware attack, or resulted in the theft of intellectual property.

Darktrace reports that every minute, of every day, its autonomous response technology stops a threat from escalating and it is capable of taking action in seconds.

About Darktrace

Darktrace (DARK:L), a global leader in cyber security AI, delivers world-class technology that protects over 6,500 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. Darktrace's fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, Darktrace has over 1,700 employees and over 30 offices worldwide. Darktrace was named one of TIME magazine's "Most Influential Companies" for 2021.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights