Cyber Intrusion Detection Time at an All-Time Low

According to Google’s Mandiant, organizations and their cyber defenders are improving their ability to detect cyberattacks, but the detection time is still 16 days.

In its 14th annual M-Trends report, published on April 18, 2023, the cybersecurity firm found that the global median dwell time (the time it takes for a victim of a cyberattack to detect an intrusion) fell from 21 days to 16 days in 2022.

This is the lowest average dwell time globally since Mandiant began tracking this metric in 2011.

According to Stuart McKenzie, Head of Mandiant Consulting EMEA, the decline can be attributed to better cyber defenders, coupled with attackers becoming more brave than before.

“Especially in the current situation with the cyber conflict between Russia and Ukraine, they want victims to detect them quickly. In the case of a serious attack, you have to make an impact,” he told Information Security.

However, he added that two weeks is still enough for attackers to do a lot of damage and that improvements are needed.

“Also, dwell time is stopped when an attack is detected, but never remedied. Remediation can take months, even years,” said McKenzie.

The latest M-Trends report also found that ransomware attacks declined in 2022, accounting for 18% of all intrusions recorded in Mandiant telemetry that year, compared to 23% in 2021.

McKenzie said some of the decline could be attributed to the work of law enforcement. “For example, we have seen many ransomware groups have been forced to rebuild their tools following sanctions by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC),” he recalls.

“The war in Ukraine also sapped resources and meant that some groups were focusing on other things. Having a strong cyber posture slows down ransomware threat actors and encourages them to move from simple phishing techniques to more sophisticated ones like credential compromise and vulnerability exploitation,” McKenzie added.

Increased cyber espionage activity

However, as previously reported by Information Security, state-sponsored malicious activity surged in 2022.

“Mandiant identified large-scale cyber espionage and information operations leading up to and after Russia’s invasion of Ukraine on February 24, 2022, [and] in the first four months of 2022, more destructive cyberattacks have been observed in Ukraine than in the past eight years,” the report said.

In 2022, Mandiant began tracking 588 new malware families. The main categories were backdoors (34%), downloaders (14%), droppers (11%), ransomware (7%) and launchers (5%).

As in previous years, the most common malware family Mandiant identified in its research was BEACON, a multifunctional backdoor identified in 15% of all intrusions. BEACON has been used by various threat groups. This includes state-sponsored threat groups originating from China, Russia, and Iran, financial threat groups, and over 700 groups that Mandiant tracks as unclassified threat clusters.

“Now that organizations are better at detecting cyber intrusions and remediating cyber attacks, make sure they have a holistic program and exercise regularly. We need to test our cybersecurity posture systematically,” said McKenzie.

The findings of the M-Trends report are based on a Mandiant consulting study of targeted attack campaigns from January 1, 2022 to December 31, 2022.
