Ransomware actors log on when you log off. Here’s how to stop them.

Credit to Author: Sally Adam | Date: Wed, 23 Aug 2023 11:29:54 +0000

The new 2023 Active Adversary report for Tech Leaders from Sophos X-Ops highlights how evolving adversary behaviors are accelerating the need for 24/7 threat detection and response.

Based on analysis of the incident response cases remediated by Sophos in the first half of 2023, the report illustrates how ransomware actors are making it harder for defenders to respond in a timely way to their attacks.

The Threat Response Window Is Getting Smaller

One key finding in the report is that the time available to respond to a ransomware attack has shrunk by almost half. The median dwell time in ransomware attacks dropped from nine days in 2022 to just five days in the first half of 2023. With adversaries accelerating the execution of their attacks, defenders have less time to detect and stop them before files are encrypted.

More broadly, Sophos X-Ops analysis across all attack types found that it took attackers on average less than a day (approximately 16 hours) to reach Active Directory (AD), one of the most critical assets in a company. AD is usually the most powerful and privileged system in the network: it governs authentication and authorization for the systems, applications, resources and data that attackers go after, so compromising it gives them broad access to everything else.

Attackers Work When You Don’t

The report also revealed that ransomware actors launch their attacks at times when defenders are least likely to notice. In fact, 90% of ransomware attacks now occur outside normal weekday business hours (defined here as 8am to 6pm, Monday to Friday). Attacks also spike at the end of the week, with nearly half (43%) launched on a Friday or Saturday. If you are not monitoring your environment at all times, including evenings and weekends, you are exposed during exactly the window adversaries prefer.
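As an added illustration of the operational point (this is example code written for this page, not Sophos code or anything from the report), the snippet below applies the report's business-hours definition to a handful of constructed privileged-logon log lines and flags the ones that fall outside 8am to 6pm, Monday to Friday. The log format, the `logon_admin` event name and the fixed UTC+1 offset are assumptions made for the example; a real deployment would convert each timestamp into the organisation's local zone (with DST) and feed the flagged events straight to whoever is on call.

```python
"""Flag privileged logons that occur outside weekday business hours.

Added example for this page, not Sophos code. The log format, the
event names and the time zone are assumptions made for the example.
"""
from datetime import datetime, time, timedelta, timezone

# Business-hours window as defined in the report: 08:00-18:00, Monday-Friday.
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)          # exclusive: an 18:00 logon is already off-hours
WEEKDAYS = range(0, 5)              # datetime.weekday(): Monday=0 .. Friday=4
PRIVILEGED_EVENTS = {"logon_admin"} # assumed event name for a privileged logon

# Assumed local zone for the example (UTC+1, e.g. British Summer Time).
# In production use zoneinfo.ZoneInfo("Europe/London") so DST is handled.
LOCAL_TZ = timezone(timedelta(hours=1))

# Constructed sample log, one event per line:
#   "<ISO-8601 UTC timestamp> <event> <user> <host>"
SAMPLE_LOG = """\
2023-06-12T09:15:00Z logon_admin alice dc01
2023-06-13T17:00:00Z logon_admin erin dc02
2023-06-14T13:00:00Z logon_admin carol dc02
2023-06-16T22:40:00Z logon_admin svc_backup dc01
2023-06-17T03:05:00Z logon_admin bob fileserver
2023-06-18T11:30:00Z logon_user dave ws07
2023-06-18T11:45:00Z logon_admin dave dc01
"""


def is_business_hours(ts: datetime) -> bool:
    """True if an (aware, already localised) timestamp is inside the window."""
    return ts.weekday() in WEEKDAYS and BUSINESS_START <= ts.time() < BUSINESS_END


def parse_line(line: str, tz: timezone = LOCAL_TZ) -> dict:
    """Parse one log line and convert its UTC timestamp to the local zone."""
    ts_raw, event, user, host = line.split()
    ts_utc = datetime.fromisoformat(ts_raw.replace("Z", "+00:00"))
    return {"ts": ts_utc.astimezone(tz), "event": event, "user": user, "host": host}


def find_off_hours_events(log_text: str = SAMPLE_LOG, tz: timezone = LOCAL_TZ) -> list:
    """Return privileged logons that happened outside business hours."""
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line, tz)
        if rec["event"] in PRIVILEGED_EVENTS and not is_business_hours(rec["ts"]):
            flagged.append(rec)
    return flagged


def off_hours_share(log_text: str = SAMPLE_LOG, tz: timezone = LOCAL_TZ) -> float:
    """Fraction of privileged logons that fell outside business hours."""
    privileged = [parse_line(l, tz) for l in log_text.splitlines() if l.strip()]
    privileged = [r for r in privileged if r["event"] in PRIVILEGED_EVENTS]
    if not privileged:
        return 0.0
    return len(find_off_hours_events(log_text, tz)) / len(privileged)


if __name__ == "__main__":
    for rec in find_off_hours_events():
        print(f"OFF-HOURS {rec['ts']:%a %Y-%m-%d %H:%M} {rec['user']}@{rec['host']}")
    print(f"off-hours share of privileged logons: {off_hours_share():.0%}")
```

Note the half-open window: a logon at exactly 18:00 is treated as off-hours, and the comparison is done after converting to local time, so a UTC log source does not silently shift the window by the zone offset. The non-privileged `logon_user` line is ignored on purpose; the point is to triage the events that matter, not to page someone for every late login.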

Get 24/7 Lightning-Fast Coverage with Sophos MDR

Providing round-the-clock expert coverage is, understandably, a challenge for most organizations. However, with adversaries actively exploiting this operational weakness, it is important to close the gap.

The Sophos MDR service provides 24/7 human-led threat monitoring and response delivered by a team of over 500 experts located across seven global Security Operations Centers (SOCs). Whenever adversaries attempt to deploy their attack, our team is there to detect and stop them.

And we’re fast. With an average resolution time of just 38 minutes, your organization stays protected even as the response window gets smaller.

Sophos MDR works as an extension of your existing team, supplementing and complementing your staff in whatever way works best for you. From a full turnkey SOC service to evening and weekend coverage, we meet you where you are.

We also work with your existing security tools to help you get more value from your current investments without the disruption and wasted cost of a rip-and-replace approach. Whether you’re using tools from Sophos, Microsoft, or any other vendor to secure your environment, we can elevate your defenses against even the most advanced attacks.

Top Rated by Customers and Analysts

With Sophos MDR you enjoy the peace of mind that you are protected by the world’s most trusted MDR service. We secure more organizations than any other MDR provider and are top-rated by customers and analysts alike. To learn more, visit our website or check out our hundreds of independent customer reviews on Gartner Peer Insights.

Dive Deeper into the Threat Landscape

If you want to learn more about the latest attacker approaches, look no further than the 2023 Active Adversary Report for Tech Leaders from Sophos X-Ops. The report is designed to help tech leaders make better decisions about how to deploy their limited resources, and it is packed with threat intelligence and material insights to help you support corporate strategy while driving better protection across your organization.
