"The time between initial access to an organization's systems and the handoff to a secondary threat group has decreased from hours to seconds, now averaging only 22 seconds in 2025. This indicates a closer collaboration between initial access partners and secondary groups, often facilitated by automated processes."
"The most common initial infection vector was exploits, accounting for 32% of cases, followed by phishing at 11%, prior compromise at 10%, and stolen credentials at 9%. Email phishing has seen a significant decline, dropping from 22% in 2022 to only 6%."
"Breaches were detected internally in 52% of cases, while victims learned about the intrusion from an external entity in 34% of cases. The median dwell time for attackers in 2025 was 14 days, a slight increase from previous years but a significant drop from 146 days in 2015."
The M-Trends 2026 report reveals a significant reduction in the time between initial access to systems and handoff to secondary threat groups, now averaging 22 seconds. This marks a decline from over 8 hours in 2022. The report attributes this to increased collaboration and automation among cybercriminals. The most common infection vector was exploits, followed by phishing and stolen credentials. Breaches were detected internally in 52% of cases, with a median dwell time of 14 days in 2025, reflecting a long-term decrease from 146 days in 2015.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]