Breaches Detected Faster, But Ransomware Surge a Major Factor: FireEye
According to Mandiant, the surge in ransomware attacks, which are meant to be noisy and detected, is partially the reason for shorter dwell times observed in live attacks over the last year.
In the ransomware attacks investigated by Mandiant, 78% had a dwell time of 30 days or less, and only 1% of these incidents had a dwell time of 700 days or more.
Taken separately, the median dwell time in 2020 was 73 days for external breach notifications, while for internal detection the dwell time was only 12 days.
Dwell times in the Americas dropped from 60 days in 2019 to 17 days in 2020, but more than 27 percent of incidents investigated in this region involved ransomware.
"The large number of investigations which involved ransomware undoubtedly drove down the median dwell time. Ransomware incidents in the Americas had a median dwell time of just three days and accounted for 41% of incidents with a dwell time of 14 days or fewer," Mandiant said in its report.
In addition to dwell times, the M-Trends 2021 report covers new extortion techniques used by ransomware gangs; the phishing and extortion campaigns conducted by a cybercrime group named FIN11; the threat group behind the SolarWinds supply chain attack; and malicious actors shifting focus to systems that support remote work.