“Attackers are following the data”
The amount of time that threat actors spend within systems has decreased by more than 300 days over the last eight years, from 416 days in 2011 to 55 days last year.
This is according to the trend report for 2019 from California-based cyber security company FireEye and its subsidiary Mandiant. They reported that last year the median dwell time a hacker spent within a system was 55 days, nearly half the time of the previous year.
Mandiant calculate dwell time as the number of days that an attacker is present within a machine without detection. A threat actor with prolonged access to your system represents a grave threat when it comes to data theft and obfuscation.
The cyber security researchers note that detection processes are getting better year on year, giving hackers less time to carry out long excursions inside enterprise networks. Companies are also continually developing and improving their internal bug hunting capabilities alongside their network and endpoint security.
However, they also point out that a change in techniques and targets by threat actors may be a key factor in decreasing dwell times, saying: “We attribute the reduction in dwell time to the uptick in financially motivated compromises such as ransomware and business email compromise, which tend to have both immediate impact and immediate detection by the targeted organization.”
In the report they note the growing trend of attacks against cloud providers: “As more and more customers move to software as a service and cloud, attackers are following the data,” Mandiant state. While this trend may not be hugely surprising, they anticipate that it will be the key trend of 2019 — as cloud providers and other large online data managers are prime targets for threat actors hoping to just slice off a small percentage of the huge stores of sensitive data such companies possess and process.