Major UK retailer stops Russia-linked malware attack with Darktrace

Software applies Self-Learning AI to enable machines to understand businesses and defend them


Cybersecurity firm Darktrace on Thursday announced its AI technology had been used by a major UK retailer to stop a cyberattack by “BumbleBee”, a new malware loader known to be used by Russian cybercriminals.

Since adoption, Darktrace's Self-Learning AI had established an evolving understanding of “normal” for the 20-year-old retailer's operations so it could detect faint indicators of emerging cybercrime.

The BumbleBee attack came in the early hours of a morning in April.

Darktrace's AI detected that an internal device was communicating unusually with multiple external endpoints. The AI began investigating the activity in real time and the company's security team was alerted to potentially malicious activity, enabling them to take the compromised device offline before malware could spread through the organisation.
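As an added illustration of the kind of behavioural check described above (this is not Darktrace's code or method, and the log records are constructed), the following Python learns each host's normal number of distinct external endpoints per hour and flags a device whose fan-out jumps far above its own baseline:

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed historical egress records: (hour_bucket, internal_host, external_ip).
# Invented sample values; not data from the retailer or from Darktrace.
HISTORY = [
    (h, "ws-017", f"203.0.113.{i}")
    for h in range(24) for i in range(1, 3)            # ws-017: 2 external endpoints/hour
] + [
    (h, "srv-db", "198.51.100.7") for h in range(24)   # srv-db: a single update mirror
]

# Constructed observation window (early hours): ws-017 suddenly fans out to 12 endpoints.
WINDOW = [(24, "ws-017", f"192.0.2.{i}") for i in range(1, 13)] + [
    (24, "srv-db", "198.51.100.7"),
]


def distinct_endpoints_per_hour(records):
    """Map (hour, host) -> set of distinct external IPs contacted in that hour."""
    seen = defaultdict(set)
    for hour, host, dst in records:
        seen[(hour, host)].add(dst)
    return seen


def build_baseline(history):
    """Per host: list of distinct-endpoint counts, one per observed hour ('normal')."""
    baseline = defaultdict(list)
    for (_, host), dsts in distinct_endpoints_per_hour(history).items():
        baseline[host].append(len(dsts))
    return baseline


def detect_fanout(history, window, z=3.0, min_new=5):
    """Return {host: (observed, expected)} for hosts whose distinct external endpoint
    count in the window is far above their own learned baseline.
    min_new suppresses noisy alerts on hosts with a very small baseline."""
    baseline = build_baseline(history)
    alerts = {}
    for (_, host), dsts in distinct_endpoints_per_hour(window).items():
        counts = baseline.get(host)
        if not counts:
            continue  # unknown host: no baseline yet, handle separately
        mu, sd = mean(counts), max(pstdev(counts), 1.0)  # floor sd: flat baselines give sd 0
        if len(dsts) > mu + z * sd and len(dsts) - mu >= min_new:
            alerts[host] = (len(dsts), round(mu, 1))
    return alerts


if __name__ == "__main__":
    print(detect_fanout(HISTORY, WINDOW))  # {'ws-017': (12, 2.0)}
```

A real deployment would key the baseline on more than endpoint count (ports, volumes, time of day) and treat hosts with no history as their own alert class.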

“We've seen a dangerous surge in malware loader activity in recent months as attackers seek out new techniques that will avoid traditional methods of detection,” said Toby Lewis, Darktrace's global head of threat analysis.

“These attack tools, particularly novel variants like BumbleBee, illustrate the need for cutting-edge technology like AI that understands the shades of grey in very complex systems.

“Defenders shouldn't have to wait for the release of threat indicators and threat intelligence before they are able to detect and respond to these attacks.”

Russia's cyber playbook

Russia has long been associated with cyberwarfare, most notoriously through the Russia-based ransomware group Conti, which in April accessed multiple critical systems in Costa Rica's finance ministry.

BumbleBee is believed to have replaced Conti's “BazarLoader”.

Loaders typically serve as the first stage of a cyberattack, offering cybercriminals the ability to deploy malicious code at scale, and serve as a bridgehead into compromised networks to push other malware, including ransomware.

The efflorescence of malware malefactors has acted as a crucible for a new industry of tech sheriffs which attempt to bring law and order to the “wild web.”

Cambridge-based Darktrace's cybersecurity AI protects more than 6,800 customers worldwide from advanced threats, including ransomware, cloud and SaaS (software as a service) attacks.

It applies Self-Learning AI to enable machines to understand the business in order to defend it autonomously.

Updated: May 19, 2022, 12:09 PM