Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Mandiant’s M-Trends 2022 Report Released: Dwell Time is Down!

April 28, 2022

Security Boulevard reported on April 21 that Mandiant’s M-Trends 2022 Report contains some good news. Enterprises are learning about the security breaches that affect them sooner. The bad news is that earlier detection is partly a function of the nature of the attacks, including an increase in ransomware attacks.

The global median dwell time (the median number of days an attacker is in a target’s environment before being identified) fell to 21 days in 2021 from 24 days in 2020. The report is based on investigations tracked by the company between Oct. 1, 2020, and Dec. 31, 2021.

Over the past decade, Mandiant’s median dwell time has declined a lot. In 2011, the median dwell time was more than a year. In 2019, the median dwell time was 56 days. Mandiant attributes the drop in the past few years to both improvements in enterprise detection and response and the increase in ransomware attacks. If you think about it, that makes sense. If attackers are focused on stealing trade secrets, they want to remain hidden. But if it’s an extortion attack, they need to make themselves known and demand a ransom.

This is precisely why ransomware has a significantly lower median dwell time than non-ransomware attacks.

The report found software exploits to be the most common point of initial infection. According to Mandiant, 37% started with such an exploit, while 11% were the result of phishing attacks. Successful supply chain compromises rose dramatically, up to 17% this year from 1% last year.

Now that’s a striking stat.

Also, Mandiant found business and professional services and financial services were the top industries targeted, at 14% each. They were followed by health care (11%), retail and hospitality (10%), and tech and government (both at 9%).

Mandiant identified changes in China’s cyber espionage and warned that changes in the nation’s priorities could mean growth in China-aligned threat actors targeting intellectual property and other strategically important economic information. There is great concern about how we might combat such attacks.

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., President
Sensei Enterprises, Inc.
3975 University Drive, Suite 225
Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology