"Cyber Intrusion Detection Time at an All-Time Low"

Security researchers at Google's Mandiant have found that organizations and their cyber defenders are getting better at detecting cyberattacks, but detection time still stands at 16 days.  During the study, the researchers found that 2022 saw a decrease in global median dwell time (the time the cyberattack victim takes to detect the intrusion) from 21 days in 2021 to 16 days in 2022.  This is the shortest global median dwell time since Mandiant started recording this metric in 2011.  The researchers stated that the decrease can be attributed to cyber defenders getting better, coupled with attackers being more brazen than they were in the past.  The researchers also found that ransomware attacks decreased in 2022, accounting for 18% of all intrusions recorded on Mandiant's telemetry that year, compared to 23% in 2021.  The researchers noted that this drop can partially be attributed to the work of law enforcement.  State-sponsored malicious activity, however, spiked in 2022.  The researchers identified extensive cyber espionage and information operations leading up to and since Russia's invasion of Ukraine on February 24, 2022, and observed more destructive cyberattacks in Ukraine during the first four months of 2022 than in the previous eight years.  In 2022, Mandiant began tracking 588 new malware families, the main ones being backdoors (34%), downloaders (14%), droppers (11%), ransomware (7%), and launchers (5%).  As with previous years, the most common malware family identified by Mandiant in investigations was BEACON, a multi-function backdoor identified in 15% of all intrusions. 

Infosecurity reports: "Cyber Intrusion Detection Time at an All-Time Low"