Darktrace, a global leader in cyber security AI, today announced that its Autonomous Response technology, Antigena, successfully took action to stop a cyber-attack exploiting a GitLab vulnerability for the purposes of running crypto-mining malware at a major Italian electronics distributor.

The GitLab vulnerability, which has been well reported, allows attackers to run arbitrary commands, including the ability to delete, modify, and exfiltrate private source code. Research revealed that over six months after a patch for the vulnerability was released, over 30,000 publicly accessible GitLab servers remained unpatched and open to exploitation. The attacks have been opportunistic, indiscriminate and automated.

Powered by Self-Learning AI, Darktrace technology develops an understanding of normal business operations for each organization which allows it to spot abnormal activity. From this understanding, Antigena was able to make micro-decisions and autonomously quarantine the infected devices, preventing lateral movement of the suspected cryptojacking threat actor – all without business disruption. With the CISO out of office and not due to return for another two weeks, compounded by having a small security team, without autonomous response technology the attack would have escalated causing disruption that would have impacted the company financially and reputationally. Though the attacker was caught using the GitLab vulnerability to mine cryptocurrency, the exploitation of this vulnerability could have served as the first stage of a more destructive ransomware attack, or resulted in the theft of intellectual property.

Darktrace reports that every minute, of every day, its Autonomous Response technology stops a threat from escalating and it is capable of taking action in seconds.

About Darktrace