University of Technology Stops Information Stealing Cyber Attacks Using Darktrace AI
University targeted by “PrivateLoader”, a pay-per-install malware distribution service
Cambridge, UK, May 5, 2022 /PRNewswire/ — Darktrace, a global leader in AI for cybersecurity, announced today that an African technology university stopped a recent cyberattack using Darktrace’s AI. The attackers attempted to distribute PrivateLoader malware, a pay-per-install malware service commonly associated with cryptomining and IP theft.
The public university, which is located in Africa, awards bachelor’s and master’s degrees in technology-related subjects. The university holds large amounts of valuable intellectual property, including government-funded research in the fields of artificial intelligence, robotics, and sustainable energy solutions, which is a prime target for financially motivated cybercriminals as well as government-sponsored attackers.
The university was targeted during a trial of Darktrace’s AI in mid-April. The AI technology had developed a unique understanding of the university’s “normal” operations across its entire digital inventory, allowing it to spot the extraordinary activity that indicated an attack. In this case, the AI detected a desktop connecting to a rare external endpoint using a mechanism that was inconsistent with the university’s technology stack.
The IP address was subsequently tracked by Darktrace’s AI Analyst and found to be related to the PrivateLoader pay-per-install malware service. The compromised device was then observed for activity indicative of “RedLineStealer” and “MarsStealer,” information-stealing malware that exfiltrates data to monetize it through direct use or distribution on dark web sites.
Darktrace AI detected the attack in its earliest stages and the threat was disrupted before critical research or student data could be exfiltrated. After the attack was contained, a thorough investigation into the incident was conducted to ensure the university’s future cyber resilience.
“PrivateLoader is an emerging malware service that has grown in popularity over the past year. It is not surprising that attackers are targeting a university with this attack tool, which is typically used to proliferate malware that steals information and can collect the critical data that universities hold for financial purposes or more political purposes,” commented Toby Lewis, Global Head of Threat Analysis at Darktrace. “By considering a number of subtle indicators from across the enterprise, including time of day, duration, incoming and outgoing data, and peer analysis of similar devices and users, the self-learning AI is uniquely able to detect these threats at the earliest stages – before critical data falls into the wrong hands.”
Darktrace (DARK:L), a global leader in AI for cybersecurity, provides best-in-class technology protecting over 6,800 customers worldwide against advanced threats including ransomware, cloud and SaaS attacks. Darktrace’s fundamentally different approach applies self-learning AI to enable machines to understand business in order to defend it autonomously. Headquartered in Cambridge, UK, the group employs more than 2,000 people worldwide. Darktrace was named one of TIME Magazine’s “Most Influential Companies” for 2021.