One of the big takeaways from our 2023 engagements, and consequently a key theme of M-Trends 2024, is that attackers are focusing more on evasion. They are aiming to avoid detection technologies (such as endpoint detection and response) and maintain persistence on networks for as long as possible, either by targeting edge devices, leveraging “living off the land” and other techniques, or through the use of zero-day vulnerabilities in security and other solutions prevalent throughout enterprises.

Despite attackers’ efforts to evade detection, defenders are continuing to get better at identifying compromises. The global median dwell time—dwell time is the number of days an attacker is on a system from compromise to detection—continued its downward trend in 2023, and is now 10 days (from 16 days in the previous year). It’s a big victory for the good guys, but ransomware is still a key factor in driving down dwell time since it tends to be detected more quickly. Furthermore, Mandiant red teams typically achieve their objectives in 5 to 7 days, so defenders must remain vigilant.