Intruder dwell time jumps 36%

2022-06-08 08:57

"Attackers consider larger organizations to be more valuable, so they are more motivated to get in, get what they want and get out. Smaller organizations have less perceived 'value,' so attackers can afford to lurk around the network in the background for a longer period. It's also possible these attackers were less experienced and needed more time to figure out what to do once they were inside the network. Lastly, smaller organizations typically have less visibility along the attack chain to detect and eject attackers, prolonging their presence," said Shier.

"With opportunities from unpatched ProxyLogon and ProxyShell vulnerabilities and the uprise of IABs, we're seeing more evidence of multiple attackers in a single target. If it's crowded within a network, attackers will want to move fast to beat out their competition."

The median attacker dwell time before detection was longer for "Stealth" intrusions that had not unfolded into a major attack such as ransomware, and for smaller organizations and industry sectors with fewer IT security resources.

Longer dwell times and open entry points leave organizations vulnerable to multiple attackers.

Common tool combinations used in attacks provide a powerful warning signal of intruder activity.

The detection of such correlations can serve as an early warning of an impending attack or confirm the presence of an active attack.

News URL

https://www.helpnetsecurity.com/2022/06/08/intruder-dwell-time-increase/