In this Help Net Security interview, John Shier, Senior Security Advisor at Sophos, talks about the main findings of two Sophos reports: the 2022 Active Adversary Report and the State of Ransomware Report, which provide an exceptional overview of the modern threat landscape.
Intruder dwell time has increased 36% over last year, with the median going from 11 days to 15 days. However, there was some interesting variability within this statistic. Ransomware victims saw lower median dwell times (11 days) compared to non-ransomware attacks (34 days), and smaller organizations saw the longest average dwell times. Nearly half (47%) of the attacks were the result of an exploited vulnerability. For example, easily exploited vulnerabilities like ProxyLogon and ProxyShell featured prominently in this year’s data. This trend was likely led by initial access brokers (IAB) who specialize in gaining initial access into networks and selling that access to all types of cybercriminals.