Security News > 2023 > August > Ransomware hackers dwell time drops to 5 days, RDP still widely used
Ransomware threat actors are spending less time on compromised networks before security solutions sound the alarm.
In the first half of the year the hackers' median dwell time dropped to five days from nine in 2022.
Statistics from cybersecurity company Sophos show that the overall median dwell time for all cyberattacks was eight days in the first half of the year, down from ten in 2022.
The average dwell time stands at 15-16 days across all cases, while the maximum observed this year was over three months.
Attackers used RDP mostly for internal activity and only in 18% cases externally.
For these reasons, Sophos recommends companies to make securing RDP a priority because denying this type of access could make a hacker spend too much time and effort to break in, which translates into more time to detect the intrusion.
News URL
Related news
- Russian hackers deliver malicious RDP configuration files to thousands (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)