• About
  • Advertise
  • Careers
  • Contact Us
Sunday, June 29, 2025
  • Login
No Result
View All Result
NEWSLETTER
Tech | Business | Economy
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
    • Mobility
    • Environment
    • Travel
    • StartUPs
      • Chidiverse
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • EventDIARY
    • Editorial
    • Appointment
  • TECHECONOMY TV
  • Apply
  • TBS
  • BusinesSENSE For SMEs
  • Chidiverse
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
    • Mobility
    • Environment
    • Travel
    • StartUPs
      • Chidiverse
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • EventDIARY
    • Editorial
    • Appointment
  • TECHECONOMY TV
  • Apply
  • TBS
  • BusinesSENSE For SMEs
  • Chidiverse
No Result
View All Result
Tech | Business | Economy
No Result
View All Result
Home Business Security

Time From the Start of an Attack to When It’s Detected Shrinks to 8 Days in Q1 2023, Sophos Finds

by Admin
August 30, 2023
in Security
0
Time From the Start of an Attack to When It’s Detected
It Takes Less Than a Day for Attackers to Reach Active Directory—Companies' Most Critical Asset

Time From the Start of an Attack to When It’s Detected

UBA
Advertisements
  • It Takes Less Than a Day for Attackers to Reach Active Directory—Companies’ Most Critical Asset
  • The Vast Majority of Ransomware Attacks Occur Outside of Business Hours

Sophos, a global leader in innovating and delivering cybersecurity as a service, has released its Active Adversary Report for Tech Leaders 2023, an in-depth look at attacker behaviors and tools during the first half of 2023.

After analyzing Sophos Incident Response (IR) cases from January to July 2023, Sophos X-Ops found that median attacker dwell time—the time from when an attack starts to when it’s detected—shrunk from 10 to eight days for all attacks, and to five days for ransomware attacks. In 2022, the median dwell time decreased from 15 to 10 days.

In addition, Sophos X-Ops found that it took on average less than a day—approximately 16 hours—for attackers to reach Active Directory (AD), one of the most critical assets for a company. AD typically manages identity and access to resources across an organization, meaning attackers can use AD to easily escalate their privileges on a system to simply log in and carry out a wide range of malicious activity.

“Attacking an organization’s Active Directory infrastructure makes sense from an offensive view. AD is usually the most powerful and privileged system in the network, providing broad access to the systems, applications, resources and data that attackers can exploit in their attacks. When an attacker controls AD, they can control the organization. The impact, escalation, and recovery overhead of an Active Directory attack is why it’s targeted,” said John Shier, field CTO, Sophos.

“Getting to and gaining control of the Active Directory server in the attack chain provides adversaries several advantages. They can linger undetected to determine their next move, and, once they’re ready to go, they can blast through a victim’s network unimpeded.

“Full recovery from a domain compromise can be a lengthy and arduous effort. Such an attack damages the foundation of security upon which an organization’s infrastructure relies. Very often, a successful AD attack means a security team has to start from scratch.”

The dwell time for ransomware attacks also declined. They were the most prevalent type of attack in the IR cases analyzed, accounting for 69% of investigated cases, and the median dwell time for these attacks was just five days. In 81% of ransomware attacks, the final payload was launched outside of traditional working hours, and for those that were deployed during business hours, only five happened on a weekday.

The number of attacks detected increased as the week progressed, most notably when examining ransomware attacks. Nearly half (43%) of ransomware attacks were detected on either Friday or Saturday.

“In some ways we’ve been victims of our own success. As adoption of technologies like XDR and services such as MDR grows, so does our ability to detect attacks sooner. Lowering detection times leads to a faster response, which translates to a shorter operating window for attackers. At the same time, criminals have been honing their playbooks, especially the experienced and well-resourced ransomware affiliates, who continue to speed up their noisy attacks in the face of improved defenses.

But, it doesn’t mean we’re collectively more secure. This is evidenced by the levelling off of non-ransomware dwell times. Attackers are still getting into our networks, and when time isn’t pressing, they tend to linger. But all the tools in the world won’t save you if you’re not watching. It takes both the right tools and continuous, proactive monitoring to ensure that criminals have a worse day than you do. This is where MDR can really close the gap between attackers and defenders, because even when you’re not watching, we are,” said Shier.

The Sophos Active Adversary Report for Business Leaders is based on Sophos Incident response (IR) investigations spanning the globe across 25 sectors from January to July 2023. Targeted organizations were located in 33 different countries across six continents. Eighty-eight percent of cases came from organizations with fewer than 1,000 employees.

The Sophos Active Adversary Report for Tech Leaders provides security professionals with actionable threat intelligence and insights to better operationalize their security strategy.

To learn more about attacker behaviors, tools and techniques, read “Time Keeps on Slippin’ Slippin’ Slippin’: The 2023 Active Adversary Report for Tech Leaders” on Sophos.com.

Loading

Advertisements
MTN ADS

Author

  • Admin

    TechEconomy is a Distinct News Media That Focuses on BUSINESSES, PEOPLE, PLATFORMS, INSTITUTIONS

    View all posts
0Shares
Tags: Sophos
Admin

Admin

TechEconomy is a Distinct News Media That Focuses on BUSINESSES, PEOPLE, PLATFORMS, INSTITUTIONS

Next Post
monieworx

MonieWorx Encore Campaign Raises NGN260 Million in 7 Days – Unlocking ‘Badly-Needed’ Capital  for SMEs

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recommended

SALMAN TARIQ - Optiva writes on MNOs for 2024

Africa’s Mobile Revolution: Opportunities and Challenges for MVNOs in 2024

2 years ago
Paystack

Paystack Co-founder, Shola Akinlade Acquires 55% Stake to own Danish Club

2 years ago

Popular News

    Connect with us

    • About
    • Advertise
    • Careers
    • Contact Us

    © 2025 TECHECONOMY.

    No Result
    View All Result
    • News
    • Tech
      • DisruptiveTECH
      • ConsumerTech
      • How To
      • TechTAINMENT
    • Business
      • Telecoms
      • Mobility
      • Environment
      • Travel
      • StartUPs
        • Chidiverse
      • TE Insights
      • Security
    • Partners
    • Economy
      • Finance
      • Fintech
      • Digital Assets
      • Personal Finance
      • Insurance
    • Features
      • IndustryINFLUENCERS
      • Guest Writer
      • EventDIARY
      • Editorial
      • Appointment
    • TECHECONOMY TV
    • Apply
    • TBS
    • BusinesSENSE For SMEs

    © 2025 TECHECONOMY.

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In
    Translate »
    This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.