Mandiant 2023: Attacker dwell time down, ransomware up

April 23, 2024

TLDR:

  • Attacker dwell time decreased in 2023
  • Ransomware attacks increased

Mandiant’s ‘M-Trends 2024 Special Report’ highlighted the decrease in attacker dwell time and the rise in ransomware attacks in 2023. While global median dwell time decreased to 10 days, ransomware-related intrusions rose to 23%. The report also noted the increase in compromises detected internally by organizations and highlighted the use of zero-day exploitation and evasion techniques by threat actors.

Full Article:

Mandiant’s ‘M-Trends 2024 Special Report’ provided insights into the cybersecurity landscape of 2023. The report revealed that while the global median dwell time for attackers decreased to its lowest point since 2011, ransomware attacks continued to rise, with the share of investigations involving ransomware rising to 23%, up from the previous year.

One positive aspect highlighted in the report was the improvement in internal detection of intrusions, with the global median falling from 13 days to 9 days. This improvement in detection capabilities indicated that organizations were making progress in enhancing their defensive measures against cyber threats.

However, the report also raised concerns about the increase in zero-day exploitation and evasion techniques by threat actors. Mandiant observed cyber espionage and financially motivated attackers leveraging zero-day vulnerabilities to conduct their operations. The report identified CVE-2023-34362 as a prevalent zero-day in 2023, affecting more than 2,000 MOVEit Transfer customers.

Additionally, attackers were noted to be targeting edge network devices and using living-off-the-land tactics to evade detection. Mandiant highlighted the need for organizations to be vigilant against cloud identities compromised through MFA bypass attacks and warned about the continued threat of zero-day vulnerabilities across various threat actor groups.

In conclusion, the ‘M-Trends 2024 Special Report’ emphasized the importance of organizations staying ahead of evolving cyber threats and continuously improving their detection and response capabilities to mitigate the risks posed by ransomware, zero-day exploits, and other evasion techniques employed by threat actors.
