Global dwell time drops as ransomware attacks accelerate
Attackers are spending less time inside target networks, researchers report, but the seemingly positive trend hides a concerning development: Ransomware attacks, which by nature have a shorter “dwell time,” are growing more common and efficient, shrinking the average time frame for all attacks.
In their 2021 M-Trends threat report, Mandiant researchers note the global median dwell time, or the number of days an attacker is in an environment before detection, has fallen to 24 days. While median dwell time has consistently dropped from 416 days in 2011, this year’s number marks a notable drop, says Steven Stone, senior director of advanced practices at Mandiant.
“Half the dwell time went away compared to last year,” he notes. The 2020 M-Trends report found a global median dwell time of 56 days, making this year’s number “a significant drop.”
This decline could be explained by several factors, including continued improvement in threat detection capabilities, new policies, and higher security budgets. However, the attack landscape plays a critical role. As dwell time dropped last year, the number of ransomware cases rose: Twenty-five percent of Mandiant investigations involved ransomware, a sharp increase from 14% in 2019.
A breakdown of dwell time by attack type is more telling. The median dwell time for non-ransomware investigations was 45 days; for ransomware investigations, it was only five. These metrics combined brought the global median dwell time down to its new low of 24 days.
As researchers see more ransomware, they expect dwell time to continue shrinking. After all, the attackers deploying ransomware don’t want to remain hidden for very long.
To read the complete article, visit Dark Reading.