Estimated reading time: 1 minute, 25 seconds

Hackers' Dwell Time Shrinks: Mandiant’s M-Trends 2023

For hackers, 2022 was no time to dwell. That’s according to Mandiant’s M-Trends 2023 report.

MandiantThe global median dwell time—the median time an attacker is in a target’s systems undetected—was 16 days last year, according to Mandiant. That’s down from 21 days in 2022, and it’s the lowest since Mandiant has been keeping track. “When we first started tracking this metric back in 2011, the dwell time was actually really high… 416 days,” Mandiant’s chief technology officer, Charles Carmakal, said in a video interview with Dark Reading. “So it’s getting a lot better.”

Carmakal noted that threat actors are moving more quickly, either causing disruption that organizations discover or notifying the organizations themselves that they have been hacked. But he also credited organizations with improvement in detecting attacks, in part by hiring more securities professionals and buying more technology products.

As Securities Boulevard points out, a surprising conclusion from the report was a decline in the prevalence of ransomware. Last year, 18% of global intrusions involved ransomware, down from 23% in 2021, according to Mandiant.

Remarkably, external entities notified organizations of breaches in 63% of incidents. That’s up from 47% in 2021 and near 2014 levels.

Another notable finding was how threat actors leverage data obtained through social engineering, underground markets and bribery.  “These adversaries demonstrated a willingness to get personal with their targets, bullying and threatening many of them," according to the report.

In a speech at RSA Conference, Mandiant CEO Kevin Mandia outlined steps that organizations can take to avoid becoming victims, as Cybersecurity Dive reports. Institutional knowledge, multi-factor authentication and honeypots are just a few of his recommendations. He also suggested studying module logging, reporting risk to boards in a consistent way and identifying critical assets.

Read 339 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.