ZDNet reports that the median time cybercriminals spent inside compromised networks rose to 15 days in 2021, compared with 11 days in 2020, giving attackers longer to carry out malicious activity without being detected.
Exploitation of unpatched security flaws was the most prevalent method attackers used to gain initial network access, accounting for 47% of incidents last year, with the ProxyShell and ProxyLogon vulnerabilities being the most targeted flaws, a Sophos report showed.
Inadequate patching practices have been blamed for extended dwell times, which were longest among education entities and small businesses.
"We've seen this: multiple attackers ending up in the same network, multiple ransomware crews ending up in the same network, the same crew going back into the same network again because the company didn't close the hole in the first place after they've recovered. That's what the longer dwell times are," said Sophos Senior Security Advisor John Shier.
Cybercriminal network dwell times increase