SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Major technology manufacturer stops ransomware attack with AI
Thu, 3rd Mar 2022

Cybersecurity AI company Darktrace has announced that one of its customers successfully interrupted a Babuk ransomware attack with Darktrace's Autonomous Response technology, Antigena.

The multinational technology manufacturer, with headquarters in the Asia Pacific region, designs and manufactures technology solutions that facilitate the adoption of smart medical devices and electric and autonomous vehicles.

Darktrace says the organisation was using its detect, respond and investigate capabilities. The self-learning AI forms a constantly evolving understanding of the company's IT and operational technology, allowing it to identify the subtle, emerging signs of cyber-threats in real time.

Darktrace AI detected that a device within the business was behaving abnormally: it was performing network scanning and making unusual connections to other internal devices. The AI judged this behaviour to be both out of the ordinary and malicious.

The algorithms then calculated the best action needed to autonomously contain the in-progress attack and block the infected device from making further connections while allowing normal business operations to continue both in the office and on the manufacturing floor.

These algorithms work by enforcing the normal "pattern of life" of compromised users and devices, so that only behaviour consistent with the learned baseline is permitted. Darktrace says this targeted response is possible because of the AI's continually evolving understanding of what normal looks like at a granular level for each part of the company's digital ecosystem.
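The two ideas described above, learning a per-device baseline of internal connections and then flagging scanning-like deviations and containing the device by allowing only its learned behaviour, can be shown in miniature. The following is an added illustration written for this article; it is not Darktrace code and makes no claim about how Antigena is implemented. Every host address, port and flow record in it is constructed sample data, and the thresholds are arbitrary assumptions.

```python
"""Baseline-and-deviation detection over internal connection records, with a
'pattern of life' containment policy for a flagged device.

Added example for illustration only; not Darktrace code. All addresses, ports
and flows are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str      # source device (constructed internal IP)
    dst: str      # internal destination
    dport: int    # destination TCP port


# Constructed learning period: a workstation (10.1.1.20) talking to a file
# server and a print server, and a PLC gateway (10.1.2.30) to one historian.
BASELINE_FLOWS = [
    Flow("10.1.1.20", "10.1.1.5", 445), Flow("10.1.1.20", "10.1.1.5", 445),
    Flow("10.1.1.20", "10.1.1.9", 9100), Flow("10.1.1.20", "10.1.1.5", 139),
    Flow("10.1.2.30", "10.1.2.2", 502), Flow("10.1.2.30", "10.1.2.2", 502),
]

# Constructed live window: the workstation starts contacting twelve hosts it
# has never spoken to and probes several ports on one of them; the PLC
# gateway carries on as normal.
LIVE_FLOWS = BASELINE_FLOWS[:2] + [
    Flow("10.1.1.20", f"10.1.1.{i}", 445) for i in range(40, 52)
] + [
    Flow("10.1.1.20", "10.1.1.41", p) for p in (22, 135, 3389, 5985)
] + [Flow("10.1.2.30", "10.1.2.2", 502)]


def learn_baseline(flows):
    """Per device, the set of (dst, dport) pairs seen during learning."""
    baseline = defaultdict(set)
    for f in flows:
        baseline[f.src].add((f.dst, f.dport))
    return baseline


def detect_anomalies(baseline, flows, max_new_peers=5, max_ports_per_peer=3):
    """Flag devices whose live window departs from their learned pattern.

    Two simple deviations stand in for the 'network scanning and unusual
    internal connections' in the article (thresholds are assumptions):
      - many destinations never seen in the baseline (host sweep)
      - many previously unseen ports on one destination (port probe)
    Returns {device: [reason, ...]} for flagged devices only.
    """
    new_peers = defaultdict(set)
    novel_ports = defaultdict(lambda: defaultdict(set))
    for f in flows:
        known_pairs = baseline.get(f.src, set())
        known_dsts = {dst for dst, _ in known_pairs}
        if f.dst not in known_dsts:
            new_peers[f.src].add(f.dst)
        if (f.dst, f.dport) not in known_pairs:
            novel_ports[f.src][f.dst].add(f.dport)
    findings = {}
    for src in set(new_peers) | set(novel_ports):
        reasons = []
        if len(new_peers[src]) > max_new_peers:
            reasons.append(f"{len(new_peers[src])} previously unseen internal peers")
        for dst, ports in novel_ports[src].items():
            if len(ports) > max_ports_per_peer:
                reasons.append(f"{len(ports)} distinct ports probed on {dst}")
        if reasons:
            findings[src] = reasons
    return findings


def pattern_of_life_policy(baseline, device):
    """Containment that enforces the learned pattern instead of isolating the
    device outright: only baseline (dst, dport) pairs stay allowed for it."""
    allowed = frozenset(baseline.get(device, set()))

    def decide(flow):
        if flow.src != device:
            return "allow"  # policy is scoped to the flagged device only
        return "allow" if (flow.dst, flow.dport) in allowed else "block"
    return decide


def enforce(policy, flows):
    """Apply a policy to a flow list; returns (allowed, blocked)."""
    allowed, blocked = [], []
    for f in flows:
        (allowed if policy(f) == "allow" else blocked).append(f)
    return allowed, blocked


def run_demo():
    """Learn, detect, contain; returns (findings, number of blocked flows)."""
    baseline = learn_baseline(BASELINE_FLOWS)
    findings = detect_anomalies(baseline, LIVE_FLOWS)
    blocked_total = 0
    for device in findings:
        _, blocked = enforce(pattern_of_life_policy(baseline, device), LIVE_FLOWS)
        blocked_total += len(blocked)
    return findings, blocked_total


if __name__ == "__main__":
    found, n_blocked = run_demo()
    for device, reasons in found.items():
        print(f"{device}: " + "; ".join(reasons))
    print(f"flows blocked by pattern-of-life policy: {n_blocked}")
```

The point of the policy step is the one the article makes: the flagged workstation keeps its learned file-server and print-server connections, the PLC gateway is untouched, and only the connections that fall outside the baseline are blocked. A real deployment would also need per-device thresholds, time-of-day baselines and an expiry for the containment, none of which this sketch attempts.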

In its post-compromise analysis, the AI found that the device had been attempting to distribute files carrying babyk ransomware extensions.

The double-extortion ransomware threat, Babuk, was discovered in 2021. It's a sophisticated campaign that has actively targeted high-value organisations globally. Operators have inflicted damage by encrypting files and crippling systems, and threatening to leak sensitive data if ransom payment is not received.

The attempted attack comes after warnings from government agencies about a global rise in cyber-threats, particularly those targeting critical infrastructure and organisations embedded in global supply chains.

"Ransomware attacks are effective ways for nation-states to carry out espionage, disrupt society and flex their muscles on a global stage," says Darktrace global head of Threat Analysis, Toby Lewis.

"The Babuk ransomware began its life as a Ransomware-as-a-Service (RaaS) tool, but since its source code was leaked in July, it has been adopted by several cyber-criminal groups to be used in different ways," he says.

"These attacks often strike out of hours, and so it has never been more important that the defenders of critical infrastructure use artificial intelligence to allow their organisations to self-defend against advanced threats."

Darktrace has over 6,500 customers worldwide. The company's approach applies self-learning AI to enable machines to understand the business to defend it autonomously. Headquartered in Cambridge, UK, Darktrace has 1,700 employees and over 30 offices worldwide.