Darktrace AI stops Emotet trojan cyber-attack

Posted on 24 February, 2022 by Advance 

Cambridge based Darktrace announced today that its Autonomous Response technology, Antigena, successfully took action to halt a recent cyber-attack targeting a construction supply enterprise in Saudi Arabia.

Image copyright Shutterstock

The company, which has been in business for over 50 years and has over 35 branches, was infiltrated by attackers in the early hours of the morning. Darktrace's Self-Learning AI spotted that a company device was compromised by Emotet, an infamous trojan that rapidly spreads malware from device to device, exfiltrating sensitive financial information. Emotet, which had defeated static security controls in the organisation, is often the pre-cursor to ransomware if left uninterrupted.

Within minutes, Darktrace AI took action to successfully block malicious communications occurring between the infected device and an unusual host.

Self-Learning AI formed a constantly evolving understanding of both IT and operational technologies at the Saudi Arabian construction giant, allowing it to identify the subtle, emerging signs of Emotet. Within seconds, the algorithms took targeted action to interrupt the encroaching attack. This allowed the organisation to continue normal business operations without disruption and investigate the incident further.

The attack occurred amidst rising global cyber tensions and follows warnings from the Five Eyes urging companies to bolster defenses – particularly operators of critical national infrastructure or organisations that are critical to global supply chains.

"Since its emergence in 2014 the Emotet trojan has undergone multiple iterations and recently made a comeback globally," commented Max Heinemeyer, Director of Threat Hunting at Darktrace. "Emotet is particularly dangerous because this type of botnet can quickly escalate into something like ransomware if not stopped. Business leaders should know there is technology out there that can stop these attacks in their tracks, before sensitive data leaves the organization and before any ransom is demanded."