A report by the market research firm Sophos revealed that cyberattackers have 11 days after breaching a target network before they are discovered, and most often the detection happens due to the use of ransomware.<\/p>\n\n\n\n
This number of days is more than enough for hackers to get a complete overview of a corrupted network, its weaknesses, and how to damage it.<\/p>\n\n\n\n
Sophos explains the short dwell time in its incident response data, where 81% of the incidents it helped customers with involved ransomware attacks, which is a loud attack that immediately triggers an alarm for tech departments.<\/p>\n\n\n\n
Other attacks include data theft, cryptominers, banking trojans, data wipers, and the use of penetration testing tools such as Cobalt Strike.<\/p>\n\n\n\n
Another issue is the widespread attacks of the Remote Desktop Protocol, whereby 30% of attacks on RDP and 69% are carried out with RDP. Attacks on RDP are primarily used to initiate ransomware operations.<\/p>\n\n\n\n
Also, phishing became the gateway for 12% of attacks, while 10% involved exploiting an unpatched system.<\/p>\n\n\n\n
Sophos also came up with a list of the most widespread ransomware groups.<\/p>\n\n\n\n
According to Sophos, REvil (aka Sodinokibi), was the most active ransomware threat in 2020 along with Ryuk, who has made an estimated $150 million through ransomware.<\/p>\n\n\n\n
Other large ransomware groups include Dharma, Maze, Ragnarok, and Netwalker.<\/p>\n\n\n