
Google Mandiant report finds surprising fall in time to detect cyber intrusions


Global median dwell time, a measure of how long attackers remain undetected on a target’s network after gaining unauthorized access, has fallen to its lowest point in a decade.

That’s according to Google LLC-owned cybersecurity firm Mandiant’s 15th annual M-Trends 2024 report, released today. It provides an analysis of trends based on the cyberattacks Mandiant identified on the front lines and the remediations it conducted in 2023. The reduced median dwell time is one of several findings indicating that organizations globally have made meaningful improvements in their defensive capabilities for identifying malicious activity.

The global median dwell time reached its lowest point in over a decade, with organizations detecting intrusions within a median of 10 days, a decrease from 16 days in 2022. Surprisingly, the shorter dwell times were found to be likely driven by a larger proportion of ransomware incidents, 23% in 2023 versus 18% in 2022, implying that ransomware is easier to detect.

Mandiant also tracked an improvement in internal detection of compromise in 2023, at 46%, up from 37% in 2022. Along with shorter dwell times, the increase in internally detected events further suggests that defenders globally have improved their detection capabilities.

While Mandiant saw improvements globally, not all geographic areas are equal. Organizations in the Asia-Pacific region experienced the most dramatic decrease, reducing the median dwell time to nine days, down from 33 days the year before. By contrast, the median dwell time increased from 20 days to 22 days in Europe, the Middle East and Africa.

The report also delved into which industries are most likely to be targeted, with financial services organizations accounting for 17% of the most frequently responded-to intrusions in 2023. Behind financial services were business and professional services at 13%, high technology at 12%, retail and hospitality at 9% and health at 8%.

The commonality among the most targeted industries is noted to be their possession of highly sensitive information, including business data, personally identifiable information, protected health information and financial records. Collectively that makes them attractive targets for hackers seeking to exploit sensitive data.

Other takeaways from the report include an increased emphasis on evasion tactics by cyberattackers who are targeting edge devices, using methods like “living off the land” and exploiting zero-day vulnerabilities to maintain their presence within networks for extended periods.

Espionage efforts, particularly by alleged Chinese groups, are also noted as intensifying, with such groups focusing on acquiring zero-day exploits and targeting platforms with minimal security measures for prolonged, undetected access. The trends are said to underline the evolving and sophisticated nature of cyberthreats and the need for robust security strategies in both traditional network environments and emerging areas like cloud infrastructure.

“A key theme throughout M-Trends 2024 is that attackers are taking steps to evade detection and remain on systems for longer and one of the ways they accomplish this is through the use of zero-day vulnerabilities,” said Jurgen Kutscher, vice president of Mandiant Consulting at Google Cloud. “This further highlights the importance of an effective threat hunt program, as well as the need for comprehensive investigations and remediation in the event of a breach.”
