Darktrace, a global leader in cyber security AI, today announced that a global provider of financial services recently detected and stopped an attacker attempting to leverage a vulnerability in Log4j to deploy malicious code across the organization.
The company, which has total assets of over $5bn and operates across several continents, uses Darktrace’s Self-Learning AI to detect and respond to cyber-threats at machine speed across the digital estate. By constantly evolving its understanding of the company’s ‘normal’ operations, the AI is able to spot the subtle signs of emerging threats and autonomously interrupt in-progress attacks.
In early March, Darktrace’s AI detected that a Virtual Desktop Infrastructure (VDI) server at the company was behaving unusually, downloading a shell script from a suspicious external endpoint. The attacker had exploited a Log4j vulnerability for initial access and was attempting to use the server to conduct network reconnaissance and perform lateral movement activity.
The attack prompted the organization to activate Darktrace’s Autonomous Response technology, Antigena, which was able to contain the threat in seconds without interrupting regular business activity on the VDI server. The company has now set Antigena to constant ‘Active Mode’, whereby the AI can independently and intelligently take action to interrupt emerging attacks.
Without the intervention of Darktrace AI, the attacker would have broadened their presence within the organization and would have been able to deploy ransomware or exfiltrate sensitive data.
“High impact vulnerabilities like Log4j allow cyber-attackers to compromise systems with little effort, and responding quickly is absolutely crucial,” said Max Heinemeyer, VP of Cyber Innovation at Darktrace. “Without complete visibility over the organization and a machine speed response using powerful technology like AI, security teams would be fighting a losing battle when it comes to these sophisticated attacks. In this instance, the AI contained the attack in the nick of time – ensuring that the company did not suffer financial or reputational damage.”