Cybercriminals spent more time inside their victims’ systems in 2021 than in 2020, according to the latest report from cybersecurity company Sophos. Sophos found that attacker dwell time increased by 36% last year, with a median intruder dwell time of 15 days in 2021 versus 11 days in 2020.
In its ‘Active Adversary Playbook 2022’, released today, the company says that the longer dwell times make it harder for organizations’ in-house IT security staff to proactively hunt for, investigate, and respond to suspicious alerts and potential threats.
Sophos also found that intruder dwell time was longer in smaller organizations’ environments: attackers lingered for approximately 51 days in organizations with up to 250 employees, compared with a typical 20 days in organizations with 3,000 to 5,000 employees.
What they are saying
- Commenting on the report, Senior Security Advisor at Sophos, John Shier, said: “The world of cybercrime has become incredibly diverse and specialized. Initial Access Brokers (IABs) have developed a cottage cybercrime industry by breaching a target, doing exploratory reconnaissance or installing a backdoor, and then selling the turn-key access to ransomware gangs for their own attacks.”
- “In this increasingly dynamic, specialty-based cyberthreat landscape, it can be hard for organizations to keep up with the ever-changing tools and approaches attackers use. It is vital that defenders understand what to look for at every stage of the attack chain, so they can detect and neutralize attacks as fast as possible.”
- “Attackers consider larger organizations to be more valuable, so they are more motivated to get in, get what they want, and get out. Smaller organizations have less perceived ‘value,’ so attackers can afford to lurk around the network in the background for a longer period. It’s also possible these attackers were less experienced and needed more time to figure out what to do once they were inside the network. Lastly, smaller organizations typically have less visibility along the attack chain to detect and eject attackers, prolonging their presence,” Shier said.
In the report, Sophos warned that every organization is a target of cyber-attacks, which range from phishing and financial fraud to botnet builders, malware delivery platforms, crypto miners, IABs, data theft, corporate espionage, ransomware, and more. It noted that if there is a vulnerable entry point into a network, the chances are that attackers are looking for it and will eventually find and exploit it.