Mandiant recently released its M-Trends 2024 report which highlights targeted attack activity of 4000 different attack groups throughout 2023. It provides a deep look at the evolving cyber threat landscape taken from Mandiant’s incident response investigations and threat intelligence analysis of high-impact attacks around the globe.

Some main points from the report include:

• Attackers are taking greater strides to evade detection. Many of Mandiant’s observations demonstrate a more concerted effort by attackers to evade detection and remain undetected on systems for longer periods of time. This includes an increased targeting of endpoint devices, and platforms that traditionally lack endpoint detection and response solutions. Zero-day usage also increased by 56% over the same reporting period in 2022, and more “living off the land” tactics, or use of legitimate, pre-installed tools and software within an environment were observed.  
• Attackers are increasingly exploiting vulnerabilities in computer systems. Moving away from traditional phishing tactics, attackers are increasingly using software vulnerabilities to gain initial access to networks and systems. Attackers gained initial access through exploiting vulnerabilities in 38% of intrusions, a 6% increase since 2022, and phishing as an initial access vector decreased from 22% to 17% in 2023 over the same period.
• Attacker dwell times have decreased. Despite the above trends, dwell time, which represents the period of time an attacker is on a system before being detected, is down to 10 days from 16 days in 2022. This may be attributed to defenders getting better at detecting threats, however ransomware, which is on the rise, plays a major role in decreasing the overall dwell time that an attacker has access to compromised systems and is the most likely reason for the decrease.

To obtain a copy of this year’s M-trends report, visit Mandiant. For additional analysis on the report, see Google and Infosecurity Magazine.