Ransomware actors are spending less time on compromised networks before security systems detect them. In the first half of the year, the median time these attackers went unnoticed fell to five days, down from nine days in 2022.
Across all types of breaches, the typical undetected duration is 15-16 days, with the longest this year exceeding three months.
Sophos’ findings also show trends in the days and times of attacks. Attackers, ransomware operators included, appear to target companies predominantly from Tuesday to Thursday.
The majority of ransomware breaches occur on Fridays and Saturdays, exploiting the challenges companies face in mobilizing technical response teams.
Remote Desktop Protocol (RDP) remains a prime tool for attackers, given its integration in many Windows editions. As Sophos points out, the widespread use of stolen login details and common single-factor authentication make RDP attractive to cyber adversaries.
Data indicates that 95% of breaches utilized RDP. However, its primary use was internal (in 93% of occurrences), and it was used externally in only 18% of cases.
Hence, Sophos urges businesses to prioritize RDP security. Restricting this access could compel cybercriminals to expend more resources, giving businesses a better chance at detection.
Retaining data for an appropriate duration and monitoring it consistently are also essential. These practices not only help detect intruders early but also give defense teams valuable intelligence for addressing threats efficiently.
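As an added illustration of the RDP monitoring described above (not code from Sophos or the original article), this Python example reviews retained Windows logon records (event 4624, LogonType 10) for non-internal sources, Friday/Saturday logons, and one internal host reaching several machines. The CSV column names, the RFC 1918 ranges used as "internal", the fan-out threshold and the sample rows are all assumptions constructed for the example.

```python
import csv, io, ipaddress
from collections import defaultdict
from datetime import datetime
# Assumption: RFC 1918 ranges stand in for the organisation's internal address space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FRI_SAT = {4, 5}  # datetime.weekday(): Monday is 0
FANOUT = 3        # assumed threshold: distinct hosts reached from one internal source

# Constructed sample export of event 4624; LogonType 10 is RemoteInteractive (RDP).
SAMPLE = """\
TimeCreated,Computer,EventID,LogonType,TargetUserName,IpAddress
2023-08-15T10:02:11,HR-PC07,4624,10,jsmith,10.20.4.17
2023-08-16T09:00:00,FILE01,4624,3,jsmith,10.20.4.30
2023-08-18T23:41:09,FILE01,4624,10,svc_backup,10.20.9.2
2023-08-18T23:44:52,DC01,4624,10,svc_backup,10.20.9.2
2023-08-19T00:03:20,SQL02,4624,10,svc_backup,10.20.9.2
2023-08-19T02:13:55,JUMP01,4624,10,administrator,203.0.113.45
2023-08-17T11:30:00,HR-PC07,4624,10,jsmith,-
"""

def origin(ip):
    """Return 'internal', 'external' or 'unknown' for a source address field."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # '-' or an empty field
        return "unknown"
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "external"

def analyze(text):
    """Return (findings, fan_out) for the RDP logons in a CSV export."""
    findings, targets = [], defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        if (row["EventID"], row["LogonType"]) != ("4624", "10"):
            continue  # not a successful RDP logon
        where = origin(row["IpAddress"])
        reasons = []
        if where == "internal":
            targets[row["IpAddress"]].add(row["Computer"])
        else:
            reasons.append(f"{where} source")
        if datetime.fromisoformat(row["TimeCreated"]).weekday() in FRI_SAT:
            reasons.append("Friday/Saturday logon")
        if reasons:
            findings.append((row["TimeCreated"], row["Computer"], row["TargetUserName"], reasons))
    fan_out = {src: sorted(hosts) for src, hosts in targets.items() if len(hosts) >= FANOUT}
    return findings, fan_out

if __name__ == "__main__":
    print(*analyze(SAMPLE), sep="\n")
```

The fan-out result is the part that speaks to internal RDP use: a single internal source opening sessions on several hosts is worth a look even when no external connection appears.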