Company Targeted by 'BumbleBee', a Sophisticated Malware Loader
CAMBRIDGE, England, May 19, 2022 /PRNewswire/ -- Darktrace, a global leader in cyber security AI, today announced that a UK retailer used Darktrace's AI to stop a cyber-attack attempting to leverage 'BumbleBee', a new malware loader known to be used by Russia-based ransomware group Conti among other cyber-criminal entities.
The company, a major UK retailer founded over 20 years ago, was leveraging Darktrace's Self-Learning AI when it was targeted by a cyber-attack. The AI had established an evolving understanding of 'normal' for the company's operations in order to detect the subtle indicators of an emerging cyber-threat.
In the early hours of one morning in April, Darktrace's AI detected that an internal device was communicating unusually with multiple external endpoints. The AI began investigating the activity in real time and the company's security team were alerted to potentially malicious activity, enabling them to take the compromised device offline before malware could spread through the organization.
The AI was able to detect the activity without any need for new threat signatures or a feed of threat intelligence, while human analysis was then used to identify the explicit strain of malware. BumbleBee is believed to have replaced Conti's 'BazarLoader', which the Russia-based group infamously used to deploy ransomware. Loaders typically serve as the first stage of a cyber-attack, offering cyber-criminals the ability to deploy malicious code at scale, and serve as a bridgehead into compromised networks to push other malware, including ransomware.
"We've seen a dangerous surge in malware loader activity in recent months as attackers seek out new techniques that will avoid traditional methods of detection," commented Toby Lewis, Darktrace's Global Head of Threat Analysis. "These attack tools, particularly novel variants like BumbleBee, illustrate the need for cutting-edge technology like AI that understands the shades of grey in very complex systems. Defenders shouldn't have to wait for the release of threat indicators and threat intelligence before they are able to detect and respond to these attacks."
Darktrace (DARK:L), a global leader in cyber security AI, delivers world-class technology that protects over 6,800 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. Darktrace's fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the Group has more than 2,000 employees worldwide. Darktrace was named one of TIME magazine's 'Most Influential Companies' for 2021.
+44 (0) 7983 857952
+1 419 350 4614
These press releases may also interest you