Mandiant Inc., a Google Cloud firm that is into cybersecurity defence and threat intelligence, has said there is a marked decrease in the global median hacker dwell time.

From 21 days in 2021, the median dwell time fell to 16 days in 2022. However, the median dwell time in ransomware intrusions increased to 9 days in 2022 from 5 days in the previous year. Ransomware that goes undetected for longer gives attackers a wider window to take data for ransom.

The dwell time is the median number of days an attacker is present in a target’s environment before being detected.

This, according to Mandiant, is the shortest global median dwell time it has recorded since it began tracking cybersecurity trends in its M-Trends reports a decade ago.

The M-Trends report says the ransomware attacks continue to be a driving factor in a reduced dwell time.


Mandiant observed that when an external entity notified the organisation, the global median dwell time for intrusions involving ransomware was 7 days, compared to 12 days when the organisation detected the intrusion internally.

There was also a general increase in the number of organisations that received an alert from an external entity about an ongoing or just-concluded attack.

“This continues the trend observed in 2021 and brings the global detection rates closer to what defenders experienced in 2014,” it said in the report.

Proactive notifications from security partners allow organisations to launch their response efforts sooner and more effectively.

Ransomware intrusions

Another notable trend is the decrease in the percentage of global intrusions involving ransomware between 2021 and 2022.

“In 2022, 18 per cent of intrusions involved ransomware compared to 23 per cent in 2021.”


“M-Trends 2023 makes it clear that, while our industry is getting better at cyber security, we are combating ever-evolving and increasingly sophisticated adversaries,” Jurgen Kutscher, Vice-President of Mandiant Consulting at Google Cloud, said.

Caution to organisations

Kutscher urged organisations to remain diligent and continue to enhance their cybersecurity posture with modern cyber defence capabilities. “Ongoing validation of cyber resilience against these latest threats and testing of overall response capabilities are equally critical,” Kutscher said.

Top malware families

Mandiant said it began tracking 588 new malware families in 2022, showing that adversaries continue to expand their toolsets. Among the top five categories of newly tracked malware families were backdoors (34 per cent), downloaders (14 per cent) and ransomware (7 per cent).

These categories have remained consistent over the years, and backdoors continue to account for a little more than one-third of newly tracked malware families.

Mandiant said it has investigated several intrusions carried out by newer adversaries that are becoming increasingly savvy and effective.


“They leverage data from underground cybercrime markets, conduct convincing social engineering schemes over voice calls and text messages, and even attempt to bribe employees to obtain access to networks,” Charles Carmakal, CTO of Mandiant Consulting at Google Cloud, said.

These groups pose a significant risk to organisations, even those with robust security programmes, because such techniques are difficult to defend against.