Median Dwell Time for Hackers Drops to 49 Days

The dwell time for hackers inside victim networks fell by nearly half over the past year, although the time from intrusion to containment of such threats remained virtually the same, according to Trustwave.

The security firm’s 2017 Trustwave Global Security Report is comprised of analysis from hundreds of data breach investigations around the world, as well as tens of millions of network vulnerability and web transaction scans.

It claimed that threat detection is getting better: the median number of days from an initial intrusion to detection of a compromise fell from 80.5 days in 2015 to 49 days last year. The figure was higher (65 days) for externally detected threats than internal (16).

However, values ranged from zero days to a whopping 2000, which is more than five years.

What’s more, despite organizations taking just 2.5 days to contain a detected threat, the median time taken from intrusion to containment remained virtually the same, at 62 days versus 63 in 2015.

Making the job of the white hats even harder, cyber-criminals are increasingly looking to hide their malware from security filters by using obfuscation techniques (83%) and/or encryption (36%), Trustwave claimed.

Elsewhere, the firm revealed an increase in incidents hitting Point of Sale (POS) systems, from 22% to 31%, while e-commerce attacks fell from 38% to 26%. Unsurprisingly, the US was the focal point of most POS attacks, likely a result of its sluggish adoption of EMV.

Even in the past few months alone, several such incidents have come to light, including at US restaurant businesses Chipotle, Select Restaurants and Arby’s, to name but a few.

Trustwave CEO and president, Robert McCullen, argued that attackers are evolving their tactics with the efficiency of legitimate businesses, focusing on “extreme paydays.”

“Meanwhile security skills and talent remain scarce,” he added.

“As an industry, we must continue to focus on key areas like threat detection and response, security scanning and testing and cloud security services that provide meaningful layers of protection from constantly evolving threats.”

What’s Hot on Infosecurity Magazine?