Cybercriminals can go from click to compromise in less than a day

2023-10-10 03:00

"The driver for the reduction in median dwell time is likely due to the cybercriminals' desire for a lower chance of detection. The cybersecurity industry has become much more adept at detecting activity that is a precursor to ransomware. As a result, threat actors are focusing on simpler and quicker to implement operations, rather than big, multi-site enterprise-wide encryption events that are significantly more complex. But the risk from those attacks is still high," said Don Smith, VP Threat Intelligence, Secureworks Counter Threat Unit.

"While we still see familiar names as the most active threat actors, the emergence of several new and very active threat groups is fuelling a significant rise in victim and data leaks. Despite high-profile takedowns and sanctions, cybercriminals are masters of adaptation, and so the threat continues to gather pace," Smith continued.

The same threat groups continued to dominate in 2023 as in 2022.

GOLD MYSTIC's LockBit remains the head of the pack, with nearly three times the number of victims as the next most active group, BlackCat, operated by GOLD BLAZER. Alarming surge in ransomware victims.

North Korea: North Korea threat groups fall into two groups: cyber espionage and revenue generation for the isolated regime.

AppleJeus has been a fundamental tool for North Korea's financial theft initiatives, and according to Elliptic, North Korean threat groups have stolen $2.3 billion in crypto assets between May 2017 and May 2023.

News URL

https://www.helpnetsecurity.com/2023/10/10/ransomware-median-dwell-time/

#compromise #cybercriminal