Date: 2024-04-25

Cybersecurity and threat intelligence company Mandiant has released a report that provides trend analysis based on cyber attack investigations and remediations conducted in 2023. The report revealed that organisations are identifying malicious activity more quickly than in previous years.

While the use of zero-day exploits is on the rise, the report showed improvement in global cybersecurity posture. The global median dwell time—the time attackers remain undetected within a target environment—has reached its lowest point in over a decade.

Below are some key insights from the report.

Global Median Dwell Time Hits Lowest Point

In 2023, organisations detected intrusions within a median of 10 days, a notable decrease from 16 days in 2022. Shorter dwell times were likely driven by a larger proportion of ransomware incidents in 2023 (23%) versus 2022 (18%).

Mandiant also tracked an improvement in internal detection of compromise in 2023 (46%), compared to 37% in 2022.

Targeting By Industry Vertical

Mandiant most frequently responded to intrusions at financial services organisations (17%) in 2023. This was followed by business and professional services (13%), high technology (12%), retail and hospitality (9%), and healthcare (8%).

A common thread across the targeted industries is their possession of sensitive information, including proprietary business data, personally identifiable information, protected health information and financial records. This makes them particularly attractive targets for attackers.

Dwell Time By Region

Organisations in the Asia-Pacific region saw the largest decrease, reducing their median dwell time to nine days, compared to 33 days in 2022, the report showed. This variation could be driven by the fast-moving ransomware used in incidents in the region. Ransomware-related intrusions made up a larger share of investigations in Asia-Pacific than in any other region in 2023.

Increased Focus On Evasion

In an effort to maintain persistence on networks for as long as possible, attackers are increasingly targeting edge devices, leveraging "living off the land" techniques and exploiting zero-day vulnerabilities.

Zero-Day Exploits On The Rise

Zero-day exploits are no longer limited to a select few actors. The trend of increasing availability is expected to continue due to factors like ransomware and data extortion groups utilising them, state-sponsored exploitation and the rise of commercially available turnkey exploit kits.

Cloud Targeting Aligns With Adoption

As cloud adoption grows, so does attacker targeting of these environments, including hybrid cloud/on-premise configurations. The report advised organisations to implement stricter controls that limit access to cloud resources to authorised users only.

Evolving Tactics To Bypass MFA

As multi-factor authentication becomes standard practice, attackers are developing methods to circumvent its protections. A concerning trend is the rise of web proxy and adversary-in-the-middle phishing pages that steal login session tokens, effectively bypassing MFA.