Mandiant Report: Global Median Dwell Time for Cyber Intrusions Drops to 10 Days in 2023

Mandiant's M-Trends 2024 report reveals global median dwell time for cyber intrusions dropped to 10 days in 2023, but ransomware attacks rose, highlighting the need for vigilant cybersecurity.

Trim Correspondents

Mandiant, a division of Google Cloud, has released its M-Trends 2024 report, revealing that the global median dwell time for cyber intrusions dropped to 10 days in 2023, a significant improvement from 16 days in 2022. This marks the lowest point in over a decade, indicating that organizations worldwide have made meaningful advancements in their defensive capabilities.

The report also highlights that ransomware comprised 23% of breaches in 2023, up from 18% in the previous year. Financial services entities were the most impacted by attacks, followed by organizations in the business and professional services, high technology, retail and hospitality, and healthcare sectors. These industries are attractive targets due to the sensitive information they possess, such as proprietary data, personally identifiable information, and financial records.

Why this matters: The findings emphasize the evolving cyber threat landscape and the need for organizations to remain vigilant and adaptive in the face of emerging threats. As attackers continue to develop new techniques to target and infiltrate IT environments, it is critical for businesses to fortify their cybersecurity postures and invest in robust threat response programs.

Mandiant identified a record high of 626 new malware families in 2023, with the majority being backdoors, downloaders, droppers, credential stealers, and ransomware. The report also warns that attackers are increasingly targeting edge devices, leveraging 'living off the land' techniques, and exploiting zero-day vulnerabilities to evade detection and maintain persistence on networks.

The report highlights emerging threats from China-nexus actors, who are prioritizing the acquisition of zero-day exploits and platform-specific tools. Attackers are also targeting cloud environments as cloud adoption grows. Additionally, the report notes that Red Teams are leveraging large language models and AI to enhance their effectiveness, and attackers are developing methods to circumvent multi-factor authentication protections.

While the decrease in dwell time is partly attributed to the surge in ransomware incidents, which are easier to detect, the report also notes a commendable uptick in internally detected compromise events. "Organizations globally have made meaningful improvements in their defensive capabilities, identifying malicious activity affecting their organization more quickly than in previous years," the report states.

However, Mandiant cautions against complacency, emphasizing the adversaries' persistence in evading detection and prolonging their presence within compromised systems. The report underscores the importance of effective threat hunting programs and comprehensive investigation and remediation strategies to address the evolving cyber threat landscape.

Key Takeaways

  • Median dwell time for cyber intrusions dropped to 10 days in 2023, a 37.5% improvement.
  • Ransomware comprised 23% of breaches in 2023, up from 18% in 2022; financial services entities were the most impacted by attacks.
  • Mandiant identified a record high of 626 new malware families in 2023, while attackers increasingly target edge devices and exploit zero-days.
  • China-nexus actors prioritize zero-day exploits and platform-specific tools; attackers are also targeting cloud environments and developing ways to circumvent multi-factor authentication.
  • Organizations have improved detection capabilities, but Mandiant warns against complacency in the evolving threat landscape.