Attackers’ Dwell Time Plummets as Ransomware Hits Continue



Faster Detection Is Good News, But More Speed Still Needed, Mandiant Reports

Source: FireEye Mandiant

“Dwell time,” which refers to how long hackers hang out in an organization’s network before being discovered, has historically been a key metric for expressing whether hack-attack victims are getting better at detecting intruders.



The longer attackers can spend in an organization’s network, the more chance they have to jump to systems, crack passwords, find and exfiltrate valuable data and maybe leave crypto-locking malware on systems.


The good news is that the average dwell time continues to decline, according to FireEye’s Mandiant incident response group. The bad news is that it declined, in part, due to ransomware attackers often quickly revealing themselves when corporate networks become crypto-locked and inaccessible.


Mandiant keeps a running tally of how long organizations that it assists take to detect a breach, as well as whether they self-detected the attack – thanks to internal teams independently finding it – or if they were alerted to the breach by an external event or third party, such as the FBI or another law enforcement agency.




Global median dwell time, 2011-2020 (Source:…
