Cybercriminals spent more time in their victims’ systems in 2021 than in 2020, the latest report from cybersecurity firm Sophos has found. According to Sophos, attacker dwell time increased by 36% last year, with a median intruder dwell time of 15 days in 2021 compared to 11 days in 2020.
The company, in its ‘Active Adversary Playbook 2022’ released today, says longer dwell times mean it is now becoming difficult for organizations’ internal IT security staff to proactively research, investigate and respond to suspicious alerts and potential threats.
Sophos also found that intruder dwell time was longer in small business environments, as attackers persisted for about 51 days in businesses with up to 250 employees, compared to typically 20 days in businesses with 3,000 to 5,000 employees.
What they say
- Commenting on the report, Sophos Senior Security Advisor John Shier said: “The world of cybercrime has become incredibly diverse and specialized. Initial Access Brokers (IABs) have developed a cybercrime cottage industry by penetrating a target, performing exploratory reconnaissance or setting up a backdoor, then selling turnkey access to ransomware gangs for their own attacks.
- “In this increasingly dynamic and specialized cyber threat landscape, it can be difficult for organizations to keep up with the ever-changing tools and approaches used by attackers. It’s essential that defenders understand what to look for at each step of the attack chain, so they can detect and neutralize attacks as quickly as possible.
- “Attackers see larger organizations as more valuable, so they’re more motivated to get in, get what they want, and get out. Smaller organizations have less perceived ‘value’, so attackers can afford to hide around the network in the background for a longer period of time. It’s also possible that these attackers were less experienced and needed more time to figure out what to do once inside the network. Finally, smaller organizations typically have less visibility down the attack chain to detect and eject attackers, prolonging their presence,” Shier said.
Sophos, in the report, warned that every organization is the target of cyberattacks that range from phishing and financial fraud to botnet builders, malware delivery platforms, crypto miners, IABs, data theft, corporate espionage, ransomware, etc. He noted that if there is a vulnerable entry point into a network, attackers are likely to seek it out and eventually find and exploit it.