As more companies become cybersecurity aware, integrate detection technologies, and hire experts, the dwell time of ransomware attacks has decreased significantly.
In an interview with The Star at the Gulf Information Technology Exhibition (GITEX) Forum in Dubai, John Shier, field chief technology officer at Sophos, said: “We observed a significant 72% reduction in the dwell time of ransomware attacks.
“While some of this progress can be attributed to greater integration of detection technologies, it remains essential to recognize the importance of hands-on experience,” he said.
According to Shier, Sophos X-Ops analyzed Sophos incident response (IR) cases from January to July 2023 and found that the median dwell time fell from 10 days to 8 days across all cases. For ransomware attacks, it was 5 days.
In 2022, the median dwell time decreased from 15 days to 10 days.
Furthermore, the company discovered that, on average, it took attackers less than a day (approximately 16 hours) to reach Active Directory (AD), one of a company’s most critical assets.
AD typically manages identities and access to resources across an organization. This means that attackers can easily use AD to escalate their privileges on the system and simply log in and perform a variety of malicious activities.
“From an offensive standpoint, it makes sense to attack an organization’s Active Directory infrastructure. It provides broad access to systems, applications, resources, and data,” said Shier.
He concluded that if attackers control AD, they can control the organization. The impact, escalation, and recovery overhead of Active Directory attacks are why it is targeted.
However, according to the company’s latest report, cybercriminals have turned their guns on retail businesses after discovering they were a softer target.
As a cross-disciplinary trend, the retail industry has experienced the highest encryption rates in the past three years, with 71% of organizations targeted by ransomware saying attackers successfully encrypted their data.
Only 26% of organizations surveyed were able to stop cybercriminals from encrypting data through ransomware attacks, the lowest disruption rate in three years.
The latest on retail ransomware in 2023: Sophos found that last year, only 26% of retail organizations were able to stop ransomware attacks before their data was encrypted.
This is the lowest for the industry in three years and is down from 34% in 2021 and 28% in 2022, suggesting the industry is already unable to stop ongoing ransomware attacks.
A notable case in Kenya is Naivas, which currently faces a fine of 5 million shillings if the Data Commissioner finds it responsible.
“Retailers are at a disadvantage in the fight against ransomware. Over the past three years, ransomware criminals have increasingly encrypted their retail victims,” the report said.
The group argues that retailers need to strengthen their defenses by setting up security to detect and respond to intrusions early in the attack chain.
Additionally, the report found that the median recovery cost (not including the ransom payment) for retail organizations that paid a ransom was 4x higher than for those that used backups to recover data ($3,000,000 versus $750,000).
“According to our survey respondents, at least 43 percent of retail victims paid the ransom, but the median recovery cost for victims who paid the ransom was four times the cost of recovery using backups or other recovery methods.”