Ransomware Hackers' Dwell Time Drops to 5 Days, RDP Still Widely Used

Cyber Security Threat Summary:
“Ransomware threat actors are reducing the time they spend within compromised networks before being detected by security solutions. In the first half of this year, the median dwell time for these hackers decreased to five days from nine days in 2022. However, the overall median dwell time for all cyberattacks dropped to eight days from ten in 2022, indicating a general trend of quicker detection. Ransomware attacks constituted nearly 69% of all recorded cyberattacks during this period.

Interestingly, non-ransomware incidents saw an increase in median dwell time from 11 to 13 days, implying that cybercriminals not involved in ransomware attacks tend to linger within compromised networks, awaiting opportunities. The average dwell time across all cases was around 15-16 days, with the longest observed dwell time being over three months” (BleepingComputer, 2023).

Security Officer Comments:
Sophos, a cybersecurity company, noted that data exfiltration occurred in 43% of cases, a 1.3% rise from the previous year. Although fewer data theft attacks were recorded (31.58% in H1 2023 compared to 42.76% in 2022), incidents where no data was exfiltrated increased from 1.32% to 9.21%. A noteworthy pattern emerged in the timing of attacks. Cyber threat actors, including ransomware operators, preferred to target organizations on Tuesdays, Wednesdays, and Thursdays, likely to catch IT teams understaffed towards the end of the workday. However, ransomware incidents were most frequent on Fridays and Saturdays, when companies are slower to respond due to reduced contact with tech teams.

Suggested Correction(s):
To bolster cybersecurity, prioritize securing Remote Desktop Protocol (RDP), which was misused in 95% of breaches. Strengthening RDP defenses against compromised credentials is crucial for deterring attackers and enabling earlier detection. Additionally, safeguard data by storing it appropriately and checking it regularly, which aids prompt threat identification and mitigation.
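As an added illustration of the "earlier detection" part of this recommendation (example code written for this page, not from Sophos or BleepingComputer), the script below runs simple RDP detection logic over a handful of constructed Windows Security events. It relies on the real event semantics of 4624 (successful logon), 4625 (failed logon) and LogonType 10 (RemoteInteractive, i.e. RDP), but the pipe-separated line format, the account names, the addresses, the jump-host allowlist and the thresholds are all constructed for the example. It flags an RDP success that follows a burst of failures for the same account and source (a credential-guessing attempt that worked), a success from an address outside the allowlist of known jump hosts, and a success outside business hours.

```python
"""Flag suspicious RDP logons in simplified Windows Security events.

Added example for this page; the input format and all sample values are
constructed, not taken from any real environment.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, one per line: time|EventID|LogonType|Account|SourceIP
SAMPLE_EVENTS = """\
2023-08-25T02:41:10|4625|10|CORP\\jdoe|203.0.113.7
2023-08-25T02:41:12|4625|10|CORP\\jdoe|203.0.113.7
2023-08-25T02:41:15|4625|10|CORP\\jdoe|203.0.113.7
2023-08-25T02:41:17|4625|10|CORP\\jdoe|203.0.113.7
2023-08-25T02:41:19|4625|10|CORP\\jdoe|203.0.113.7
2023-08-25T02:41:22|4624|10|CORP\\jdoe|203.0.113.7
2023-08-25T09:15:00|4624|10|CORP\\asmith|10.0.5.20
2023-08-25T09:16:30|4624|3|CORP\\svc-backup|10.0.5.21
2023-08-26T22:05:00|4624|10|CORP\\asmith|10.0.5.20
"""

JUMP_HOSTS = {"10.0.5.20", "10.0.5.21"}  # constructed allowlist of approved RDP sources
FAIL_THRESHOLD = 5                        # failures before a following success is suspicious
FAIL_WINDOW = timedelta(minutes=10)       # how far back failures are counted
BUSINESS_HOURS = (8, 18)                  # 08:00 inclusive to 18:00 exclusive, local time


def parse_events(text):
    """Parse the constructed pipe-separated format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, src = line.split("|")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "account": account,
            "src": src,
        })
    return events


def find_suspicious_rdp_logons(events, jump_hosts=JUMP_HOSTS):
    """Return a list of findings for RDP (LogonType 10) successes worth review."""
    # (account, source) -> timestamps of recent failed RDP logons
    recent_failures = defaultdict(deque)
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] != 10:
            continue  # only RemoteInteractive (RDP) logons are of interest here
        key = (ev["account"], ev["src"])
        q = recent_failures[key]
        # drop failures that fell out of the sliding window
        while q and ev["time"] - q[0] > FAIL_WINDOW:
            q.popleft()
        if ev["event_id"] == 4625:
            q.append(ev["time"])
            continue
        if ev["event_id"] != 4624:
            continue
        reasons = []
        if len(q) >= FAIL_THRESHOLD:
            reasons.append(f"success after {len(q)} failures in {FAIL_WINDOW}")
        if ev["src"] not in jump_hosts:
            reasons.append("source not in jump-host allowlist")
        if not (BUSINESS_HOURS[0] <= ev["time"].hour < BUSINESS_HOURS[1]):
            reasons.append("outside business hours")
        if reasons:
            findings.append({
                "time": ev["time"].isoformat(),
                "account": ev["account"],
                "src": ev["src"],
                "reasons": reasons,
            })
        q.clear()  # a success resets the failure counter for this account/source
    return findings


if __name__ == "__main__":
    for f in find_suspicious_rdp_logons(parse_events(SAMPLE_EVENTS)):
        print(f"{f['time']} {f['account']} from {f['src']}: {'; '.join(f['reasons'])}")
```

On the constructed input this reports two logons: the CORP\jdoe success at 02:41 (five prior failures, unknown source, outside hours) and the CORP\asmith success at 22:05 (allowlisted source, but outside hours). In practice the same three checks map onto SIEM rules over real 4624/4625 events, with the allowlist and hours taken from the organization's own RDP policy.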