-- Most targeted industry shifts from the financial and insurance sector in 2020

Darktrace, a global leader in cyber security AI, today reported that the 
information technology (IT) and communications sector was the most targeted 
industry globally in 2021, as uncovered by Darktrace's security researchers. 

Darktrace's data is developed by 'early indicator analysis' that looks at the 
breadcrumbs of potential cyber-attacks at several stages before they are 
attributed to any particular actor and before they escalate into a full-blown 
crisis. Darktrace's findings show that its artificial intelligence autonomously 
interrupted an average of 150,000 threats per week against the sector in 2021.

The IT and communications sector includes telecommunications providers, 
software developers, and managed security service providers, amongst others. 
Darktrace also defends several backup vendors and has observed a growing trend 
of hackers targeting backup servers in an attempt to deliberately disable or 
corrupt backup files by deleting a single index file that would render all 
backups inaccessible. Attackers could then launch ransomware attacks against 
the clients of the backup vendor, preventing recovery and forcing payment. 

In 2020, the most attacked industry across Darktrace's global customer base was 
the financial and insurance sector, showing that cyber-criminals have shifted 
their focus over the last 12 months.   

"Over the last 12 months, it is clear that attackers are relentlessly trying to 
access the networks of trusted suppliers in the IT and communications sector. 
Quite simply, it is a better return on investment than, for example, going 
after one company in the financial services sector. SolarWinds and Kaseya are 
just two well-known and recent examples of this. Sadly, there is likely to be 
more in the near term," commented Justin Fier, Darktrace Director for Cyber 
Intelligence and Analysis.  

The findings of this research mark one year since the compromise of U.S. 
software company SolarWinds rattled the security industry. This landmark 
supply-chain attack made thousands of organizations vulnerable to infiltration 
by inserting malicious code into the Orion system. Over the last 12 months, 
there has been a continued spate of attacks against the IT and communications 
sector, including the high-profile attacks on Kaseya and Gitlab. 

Threat actors often use software and developer platforms as entry points into 
other high-value targets, including governments and authorities, large 
corporations, and critical infrastructure. Darktrace found that the most common 
attempted break-in method was through email, with organizations in the sector 
receiving an average of 600 unique phishing campaigns a month in 2021. Contrary 
to popular belief, the emails sent to these organizations did not contain a 
malicious payload hidden in a link or attachment. Instead, cyber-criminals used 
subtle and sophisticated techniques sending 'clean emails' containing only text 
attempting to coax recipients into replying and revealing sensitive 
information. This method is effective because, by compromising these email 
accounts, hackers can then exploit the trusted relationship between the 
software supplier and the intended targets. 

These methods easily bypass legacy security tools that rely on checking links 
and attachments against blocklists and signatures. AI can stop these emails 
from reaching employees' inboxes by identifying the full range of anomalies, 
including even the most subtle indicators. 

"The reality is that attackers are patient and creative. They will usually go 
right through the front door by compromising trusted suppliers in the IT and 
communications industry. To downstream customers, it appears as business as 
usual and is just another application or piece of hardware from a trusted 
supplier," continued Fier. "There is no magic solution to finding attacks 
embedded in your software suppliers, so the real challenge for organizations 
will be to operate while accepting this risk. Getting a sense of what is normal 
for the software you are trusting will be paramount. AI is perfectly suited for 
this job; spotting the subtle changes presented by a piece of software that has 
been compromised will be key to fighting this problem in the future."

About Darktrace
Darktrace ( 
https://c212.net/c/link/?t=0&l=en&o=3386619-1&h=3959312&u=https%3A%2F%2Fwww.darktrace.com%2Fen%2Foverview&a=Darktrace 
) (DARK.L), a global leader in cyber security AI, delivers world-class 
technology that protects almost 6,000 customers worldwide from advanced 
threats, including ransomware ( 
https://c212.net/c/link/?t=0&l=en&o=3386619-1&h=848878377&u=https%3A%2F%2Fwww.darktrace.com%2Fen%2Fransomware&a=ransomware 
), and cloud ( 
https://c212.net/c/link/?t=0&l=en&o=3386619-1&h=1789740569&u=https%3A%2F%2Fwww.darktrace.com%2Fen%2Fcloud&a=cloud 
) and SaaS ( 
https://c212.net/c/link/?t=0&l=en&o=3386619-1&h=465236823&u=https%3A%2F%2Fwww.darktrace.com%2Fen%2Fsaas&a=SaaS 
) attacks. The company's fundamentally different approach applies Self-Learning 
AI ( 
https://c212.net/c/link/?t=0&l=en&o=3386619-1&h=645976805&u=https%3A%2F%2Fwww.darktrace.com%2Fen%2Fself-learning-ai&a=Self-Learning+AI 
) to enable machines to understand the business in order to autonomously defend 
it. Headquartered in Cambridge, UK, the company has 1,600 employees and over 30 
offices worldwide. Darktrace was named one of TIME magazine's 'Most Influential 
Companies' for 2021.

SOURCE:  Darktrace

CONTACT: Nikhol Hui
         Brands2Life (UK), +44-(0)7908-714331, darktrace@brands2life.com; 
         Bryce Tom 
         Rubenstein (US), +1-917-733-9494, darktrace@rubenstein.com