Dive Brief:
- Global median dwell times — measured as the time that hackers remain undetected inside a targeted environment — have fallen to their lowest levels in more than a decade, according to the annual M-Trends report from Google Cloud’s Mandiant, released Tuesday.
- Organizations were able to detect intrusions within a median of 10 days in 2023, compared with 16 days in 2022. Notably, the largest improvements came in the Asia-Pacific region, where median dwell times fell to nine days in 2023, compared with 33 in 2022.
- Zero-day vulnerabilities are a hot target for espionage actors as well as financially motivated threat groups. Zero-day usage rose 50% in 2023, compared with the prior year.
Dive Insight:
The 15th annual M-Trends report showed network defenders are making progress in their ability to detect intruders. However, Mandiant researchers cautioned organizations to remain vigilant. Attackers are using living-off-the-land techniques, abusing edge devices and using other sophisticated methods to mask their malicious activities.
“Attackers regularly adjust their tactics, techniques and procedures in order to achieve their objectives, which can be challenging for defenders,” Jurgen Kutscher, VP of Mandiant Consulting at Google Cloud, said in a statement. “Despite this, our frontline investigators have learned that organizations have done a better job in 2023 of protecting systems and detecting compromises.”
Organizations are getting better at detecting compromises internally. The report shows 54% of organizations learned of a compromise from an external source in 2023, compared with 63% in 2022.
Despite the detection improvements, median dwell times varied greatly by region. The improvements in the Asia-Pacific region may have been driven by fast-moving ransomware, according to Kirstie Failey, Mandiant principal threat analyst, Google Cloud.
Median dwell times in the Americas remained unchanged at 10 days. In Europe, the Middle East and Africa, median dwell times rose to 22 days, compared with 20 in 2022. Mandiant said this may have represented a normalization of regional data following its work in Ukraine in 2022.