Darktrace Adds Early Warning System To Antigena Email

Phishing Scheme Attempted to Leverage Legitimate Government Site for Solicitation of Fake Philanthropic Donations

Sydney, Australia – Wednesday 22 June 2022 – Darktrace, a global leader in cyber security AI, today announced that its Antigena Email product has added an early warning system, allowing members of the Darktrace community to contribute to and benefit from insights gleaned from across the fleet. This new capability is now available to Antigena Email users and includes the extension of anonymised, learned domain behavioural profiles across Darktrace’s expansive and diverse group of global customers.

“Darktrace stops all kinds of cyber-attacks against organisations in every sector in over 110 countries globally. That represents a huge bank of knowledge about how malicious payloads behave in the very earliest stage of a cyber-attack,” commented Jack Stockdale, OBE, Darktrace CTO. “Antigena Email has now realised the vision of leveraging collaborative, anonymised insights to leave attackers with nowhere to hide.”

Ninety-four percent of cyber-attacks begin in the inbox. As organisations continue to rely on email as a primary workplace collaboration tool and attacks become increasingly novel and sophisticated, email security technologies that rely on behaviour rather than threat intelligence become ever more important.

Darktrace’s Self-Learning AI observes emails to build bespoke behavioural profiles for each customer and leverages these behavioural profiles, rather than a ledger of binary ‘good’ or ‘bad,’ to accurately determine whether each email belongs in a recipient’s inbox. Antigena Email uniquely analyses domains within email addresses and links in email bodies and attachments to evaluate their popularity and typical presence in the inbox.

Now, when Antigena detects unusual domain behaviour in a customer environment, a supplementary interpretation can be made by comparison with this new fleet-wide version of the behavioural profiles. This new functionality can lead to increased suspicion, for example, of a potential account compromise when a fleet-wide popular domain suddenly strays from its usual behavioural patterns – even in a trusted supplier or vendor.

This update recently allowed Darktrace to stop a phishing campaign sent from a compromised government account in South America that was soliciting fake philanthropic donations. Although the government domain was legitimate, the attacker had inserted their own “reply-to” address into the email headers. This address had zero domain precedent locally or globally and, in combination with other indicators, led Antigena Email to flag this email as suspicious.

About Darktrace

Darktrace (DARK:L), a global leader in cyber security AI, delivers world-class technology that protects over 6,800 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. Darktrace’s fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the Group has more than 2,000 employees worldwide. Darktrace was named one of TIME magazine’s ‘Most Influential Companies’ for 2021.

 


The Production Team

The KBI Production Team write and hunt down the information security professionals need to know. They present news updates and thought-piece articles designed to provide educational content and insights for the industry. You can reach out with any ideas or requests for subject coverage to production@kbi.media with your message.
