Tag Archive for: Dwell

Ransomware Dwell Time Hits Low Of 24 Hours


(MENAFN– PR Newswire)
Analysis from the annual Secureworks State of the Threat Report shows ransomware median dwell time has dropped from 4.5 days to less than 24 hours in a year

ATLANTA, Oct. 5, 2023 /PRNewswire/ — Ransomware is being deployed within one day of initial access in more than 50% of engagements, says Secureworks® (NASDAQ: SCWX) Counter Threat Unit™ (CTU™). In just 12 months the median dwell time identified in the annual Secureworks State of the Threat Report has freefallen from 4.5 days to less than one day. In 10% of cases, ransomware was even deployed within five hours of initial access.

“The driver for the reduction in median dwell time is likely due to the cybercriminals’ desire for a lower chance of detection. The cybersecurity industry has become much more adept at detecting activity that is a precursor to ransomware. As a result, threat actors are focusing on simpler and quicker to implement operations, rather than big, multi-site enterprise-wide encryption events that are significantly more complex. But the risk from those attacks is still high,” said Don Smith, VP Threat Intelligence, Secureworks Counter Threat Unit.

“While we still see familiar names as the most active threat actors, the emergence of several new and very active threat groups is fuelling a significant rise in victim and data leaks. Despite high profile takedowns and sanctions, cybercriminals are masters of adaptation, and so the threat continues to gather pace,” Smith continued.

The annual State of the Threat report examines the cybersecurity landscape from June 2022 to July 2023. Key findings include:

  • While some familiar names including GOLD MYSTIC (LockBit), GOLD BLAZER (BlackCat/ALPV), and GOLD TAHOE (Cl0p) still dominate the ransomware landscape, new groups are emerging and listing significant victim counts on “name and shame” leak sites. The past four months of this reporting period have been the most prolific for victim numbers since name-and-shame attacks started in 2019.

  • The three largest initial access vectors (IAV) observed in ransomware engagements where customers engaged Secureworks incident responders were: scan-and-exploit,…


Hackers’ dwell time declines, but they are able to reach Active Directory very fast


Even as the cyber threat landscape becomes more complex and dangerous, awareness of the importance of guarding one’s digital properties and networks seems to be increasing. This sounds very good and encouraging. But the bad news is that hackers are able to reach Active Directory (AD), one of a company’s critical assets, in less than a day.

AD typically manages identity and access to resources across an organisation, meaning attackers can use AD to easily escalate their privileges on a system, then simply log in and carry out a wide range of malicious activity.

According to the latest report by cybersecurity company Sophos, the average dwell time (the time an intruder lurks around in a computer network or a device undetected) has come down to eight days from 10 days in the first half of 2023.

With regard to ransomware attacks, the dwell time comes down to five days. In 2022, the median dwell time decreased from 15 to 10 days.


The Active Adversary Report for Tech Leaders 2023, which provides an in-depth look at attacker behaviours and tools during the first half of 2023, analysed Sophos’ Incident Response (IR) cases from January to July 2023.

“It took on average less than a day—approximately 16 hours—for attackers to reach Active Directory (AD),” he said.

“Attacking an organisation’s Active Directory infrastructure makes sense from an offensive view. AD is usually the most powerful and privileged system in the network, providing broad access to the systems, applications, resources, and data that attackers can exploit in their attacks,” John Shier, field CTO, Sophos, said.

“When an attacker controls AD, they can control the organisation. The impact, escalation, and recovery overhead of an Active Directory attack is why it’s targeted,” he said.

“Getting to and gaining control of the Active Directory server in the attack chain provides adversaries several advantages. They can linger undetected to determine their next move, and, once they’re ready to go, they can blast through a victim’s network unimpeded,” he said.

Full recovery from a domain compromise…


Attackers’ Dwell Time Plummets as Ransomware Hits Continue


Fraud Management & Cybercrime, Fraud Risk Management, Incident & Breach Response

Faster Detection Is Good News, But More Speed Still Needed, Mandiant Reports

Source: FireEye Mandiant

“Dwell time,” which refers to how long hackers hang out in an organization’s network before being discovered, has historically been a key metric for expressing whether hack-attack victims are getting better at detecting intruders.

The longer attackers can spend in an organization’s network, the more chance they have to jump to systems, crack passwords, find and exfiltrate valuable data and maybe leave crypto-locking malware on systems.


The good news is that the average dwell time continues to decline, according to FireEye’s Mandiant incident response group. The bad news is that it declined, in part, due to ransomware attackers often quickly revealing themselves when corporate networks become crypto-locked and inaccessible.


Mandiant keeps a running tally of how long organizations that it assists take to detect a breach, as well as whether they self-detected the attack – thanks to internal teams independently finding it – or if they were alerted to the breach by an external event or third party, such as the FBI or another law enforcement agency.




Global median dwell time, 2011-2020 (Source:…
