This is my informal, unofficial, unapproved, etc. blog based on my reading of the just-released Mandiant M-Trends 2024 report (Happy 15th Birthday, M-Trends! May you live for many googley years…)

- “Shorter dwell times are likely driven by a larger proportion of ransomware incidents globally in 2023 (23%) versus 2022 (18%). The median dwell time for these ransomware cases dropped to 5 days compared to 9 days in the previous report.” [A.C. — so your “detection” improved because ... the attacker helped a bit more]
- “54% of organizations first learned of a compromise from an external source, while 46% first identified evidence of a compromise internally.” [A.C. — pretty close to ½ and ½, so half of the organizations detect, while the other half gets told by others]
- But yes, we are better! “63% of notifications were external in the previous reporting period, suggesting organizations are improving at detecting malicious behavior.”
- “In 70% of ransomware cases, organizations learned of intrusions from external sources. Of those external sources, 76% were adversary notifications and 24% were external partners.” [A.C. — we should have a cooler name for these, like “attacker-led ‘detection’” or something]
- More good news! “Overall, ransomware intrusion detection improved in 2023 regardless of internal vs. external notification. Most notably with internal detection occurring in 6 days, which is 50% faster compared to the previous reporting period.”
- “In 2023, Mandiant experts once again saw exploits used as the most prevalent adversary initial infection vector. In intrusions where the initial intrusion vector was identified, 38% of intrusions started with an exploit. This is a six percentage point increase from 2022 […] Phishing remained the second most common intrusion vector. However it declined in 2023, with 17% of intrusions, comp
[…]