Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Mandiant’s M-Trends 2022 Report Released: Dwell Time is Down!

April 28, 2022

Security Boulevard reported on April 21 that Mandiant’s M-Trends 2022 Report contains some good news. Enterprises are learning about the security breaches that affect them sooner. The bad news is that earlier detection is partly due to a function of the nature of the attacks, including an increase in ransomware attacks.

The global median dwell time (the median number of days an attacker is in a target’s environment before being identified)—fell to 21 days in 2021 from 24 days in 2020. The report is based on investigations tracked by the company between Oct. 1, 2020, and Dec. 31, 2021.

Over the past decade, Mandiant’s median dwell time has declined a lot. In 2011, the median dwell time was more than a year. In 2019, the median dwell time was 56 days. Mandiant attributes the drop in the past few years to both improvements in enterprise detection and response and the increase in ransomware attacks. If you think about it, that makes sense. If attackers are focused on stealing trade secrets, they want to remain hidden. But if it’s an extortion attack, they need to make themselves known and demand a ransom.

This is precisely why ransomware has a significantly lower median dwell time than non-ransomware attacks.

The report found software exploits to be the most common point of initial infection. According to Mandiant, 37% started with such an exploit, while 11% were the result of phishing attacks. Successful supply chain compromises rose dramatically, up to 17% this year from 1% last year.

Now that’s a striking stat.

Also, Mandiant found business and professional services and financial services were the top industries targeted, at 14% each. They were followed by health care (11%), retail and hospitality (10%), and tech and government (both at 9%).

Mandiant identified China’s cyber espionage changes and warned that changes in the nation’s priorities could mean growth in China-aligned threat actors targeting intellectual property and other strategically important economic information. There is great concern about how we might combat such attacks.

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Mandiant’s M-Trends 2022 Report Released: Dwell Time is Down!

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer