Falling Dwell Time May Be Down to Faster Threat Activity

The average attacker dwell time fell from 15 to 10 days globally last year, but the decrease may indicate that threat actors are achieving their goals faster, according to Sophos.

The figures come from the security vendor's Active Adversary Report for Business Leaders, compiled from 152 incident response investigations worldwide.

It found that dwell times for non-ransomware breaches decreased from 34 days to 11 days last year, while dwell times for ransomware-related breaches decreased from 11 to 9 days.

A Mandiant study last week put the global average at 16 days, the lowest since it began tracking the statistic more than a decade ago.

However, as the Google-owned intelligence provider argued at the time, this is not necessarily a sign that network defenders are getting better at detecting attacks. Attackers may increasingly be working through the stages of their kill chain faster, and may actively want to be detected sooner so they can get paid, or may already be in the process of launching destructive or disruptive payloads.

Sophos also cautioned against an overly simplistic interpretation of the data.

“The good news is that it could indicate an improvement in the detection of active attacks, a real improvement for defenders and their capabilities,” he said. “The bad news is that attackers may be accelerating their efforts in response to improvements in detection capabilities. We’ll be looking at dwell time statistics in particular through 2023 to see if we’re seeing a sea change in the forward direction and back and forth between defenders and attackers.”

Elsewhere, Sophos revealed that exploited vulnerabilities remained the most common method of initial access, accounting for 37% of the breaches analysed. More than half (55%) of these were exploits of the ProxyShell or Log4Shell vulnerabilities, which the victim organizations should have patched by then.

The second most common method of initial access was compromised credentials (30%), which Sophos said often indicates the work of an initial access broker (IAB).

Almost a fifth (17%) of incidents had an “unknown” root cause. Sophos argued that organizations need to improve logging and backup of their logs to improve visibility.

“The problem with ‘Unknown’ is that it prevents full remediation. If the organization doesn’t know how attackers got in, how will they fix the problem to prevent future attacks?” the report noted.

“Sometimes attackers wipe data to erase their tracks, of course, but other times defenders will re-image systems before starting an investigation. Some systems are set up to overwrite their logs too quickly and/or frequently. Worst of all, some organizations don’t collect the evidence in the first place.”
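As an added example (not from the report or the article), the following Python check applies the report's own dwell-time figures to a log export: it measures how far back the surviving entries reach and flags log-clearing events, the two evidence gaps the report describes. The comma-separated export format, the sample rows and the label names are constructed for illustration.

```python
from datetime import datetime

# Dwell-time figures quoted in the report (days). Retained logs should reach
# back at least this far, or the intrusion's start may already be overwritten.
DWELL_DAYS = {
    "ransomware_2022": 9,
    "all_2022": 10,
    "non_ransomware_2022": 11,
    "non_ransomware_2021": 34,
}

# Windows event IDs written when the Security log (1102) or another event
# log (104) is cleared. An entry like this inside the window means the
# trail itself was tampered with.
LOG_CLEARED_IDS = {1102, 104}

# Constructed sample export (ISO timestamp, event ID, message); not real telemetry.
SAMPLE_EXPORT = [
    "2023-04-01T00:00:00,4624,An account was successfully logged on",
    "2023-04-03T14:05:00,4688,A new process has been created",
    "2023-04-06T02:13:00,1102,The audit log was cleared",
    "2023-04-08T11:30:00,4624,An account was successfully logged on",
    "2023-04-10T12:00:00,4625,An account failed to log on",
]

def parse_export(lines):
    """Parse 'timestamp,event_id,message' rows into sorted (datetime, int, str) tuples."""
    events = []
    for line in lines:
        ts, eid, msg = line.split(",", 2)
        events.append((datetime.fromisoformat(ts), int(eid), msg))
    return sorted(events)

def retention_window_days(events):
    """Days spanned by the surviving entries, from the oldest to the newest."""
    return (events[-1][0] - events[0][0]).total_seconds() / 86400

def assess(lines, dwell=DWELL_DAYS):
    """Report whether the retained window covers each dwell-time figure and
    whether the log was cleared, i.e. whether root cause can still be established."""
    events = parse_export(lines)
    window = retention_window_days(events)
    covers = {label: window >= days for label, days in dwell.items()}
    cleared = [ts.isoformat() for ts, eid, _ in events if eid in LOG_CLEARED_IDS]
    return {
        "window_days": round(window, 2),
        "covers": covers,
        "log_cleared_at": cleared,
        "root_cause_recoverable": all(covers.values()) and not cleared,
    }
```

To run this against a real SIEM export, replace SAMPLE_EXPORT with rows in the same three-column format; a window shorter than the relevant dwell figure means the earliest attacker activity may already have rolled out of the logs.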

As malicious actors become more adept at threat activity, it is becoming ever more difficult to effectively secure data and information against rapidly evolving threats. This increased risk is being seen across the board and is reflected in falling dwell time. Dwell time is the time between a breach or infiltration and its detection or response.

Ikaroa, a full-stack tech company, is tackling this issue head-on by developing innovative technology solutions that are designed to detect, respond and mitigate the threats posed by today’s ever-evolving digital security landscape. The Ikaroa research and development team is focusing on creating the most advanced threat protection available to the public, through a combination of device analysis, behavioural analytics and big data intelligence.

Ikaroa is also dedicated to providing the most robust and up-to-date security software on the market, enabling our customers to have the best protection possible against new threats. Consulting services are also available, as Ikaroa’s team of security experts can provide security evaluations, audit and remediation services to ensure that you have all the tools to stop malicious activity.

Falling dwell time is compounded by rapidly evolving security threats, and the need for these threats to be quickly detected and responded to. Secure technologies, such as those developed by Ikaroa, can help reduce the burden placed on IT professionals to stay ahead of the curve when it comes to cyber security. We will continue to research, develop, and deliver the most advanced security solutions possible, so our customers can sleep soundly at night knowing that their data is secure.
