According to one cybersecurity firm’s incident metrics, the mean dwell time was the lowest ever recorded by its teams globally

In analyzing 2023 metrics of targeted and remediated attack activity investigated by its teams, a cybersecurity firm has released some key takeaways  from the data.

First, the global “median dwell time” (the time attackers remain undetected within a target environment) was 10 days, down from 16 in 2022. This is the lowest point recorded in similar yearly metrics recorded by the firm in over a decade. Its customers in the Asia Pacific and Japan region had experienced the highest reduction in median dwell time: from 33 days in 2022 metrics to nine days in 2023. The firm surmises that this variation could have been driven by “the quick moving ransomware used in the incidents in the region, as ransomware-related intrusions consumed the highest majority for the investigation type compared to any other region in 2023.”

Second, the top targeted customers were, by industry, in the financial services (17%), business and professional services (13%), high technology (12%), retail and hospitality (9%), and healthcare (8%). The theory is that these industries possessed a wealth of marketable sensitive information.

Third, 626 new malware families were tracked in 2023, the highest number of net new malware families identified in the firm’s customer base in a single year to date. Among these, the top five categories included backdoors (33%), downloaders (16%), droppers (15%), credential stealers (7%) and ransomware (5%).

Finally, attackers in the data were noted to have been  increasingly targeting edge devices, leveraging “living off the land” techniques and exploiting zero-day vulnerabilities.

According to Jurgen Kutscher, Vice President, Mandiant Consulting, the firm that supplied its yearly findings, organizations in its user base had “done a better job in 2023 at protecting systems and detecting compromises” but “organizations must remain vigilant. A key theme is that attackers are taking steps to evade detection and remain on systems for longer, and one of the ways they accomplish this is through the use of zero-day vulnerabilities. This further highlights the importance of an effective threat hunt program, as well as the need for comprehensive investigations and remediation in the event of a breach.”