Kevin Beaumont on Nostr: Dwell time - the time between initial access to incident response (ie notification or ...
Dwell time - the time between initial access to incident response (i.e. notification or detection) rose slightly YoY. Attackers typically in environment for 11 days.
Do not believe the headlines around ‘ransomware deployed in 1 hour using AI!!!1!’ - every single incident response org's data shows you usually have a week for detection and response before ransomware deployment. You can detect and respond - do it, don’t buy the magic cyber beans.
Published at
2025-04-24 06:22:24
Event JSON
{
"id": "6b215e83855878ba9928f22a940c0d4d25135686de4096b4f4c38f16068925a8",
"pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"created_at": 1745475744,
"kind": 1,
"tags": [
[
"e",
"85a0dde27961a84aa1b4efa1ac634570fc416782fa46d273bce78112aa2140ee",
"wss://relay.mostr.pub",
"reply"
],
[
"imeta",
"url https://cyberplace.social/system/media_attachments/files/114/391/498/166/566/371/original/b27c3f48d66aebdf.jpeg",
"m image/jpeg",
"dim 1290x382",
"blurhash U@LXx[ayayj[$]WBayfQ~pWBayazSSWBayj@"
],
[
"proxy",
"https://cyberplace.social/users/GossiTheDog/statuses/114391498416908569",
"activitypub"
],
[
"client",
"Mostr",
"31990:6be38f8c63df7dbf84db7ec4a6e6fbbd8d19dca3b980efad18585c46f04b26f9:mostr",
"wss://relay.mostr.pub"
]
],
"content": "Dwell time - the time between initial access to incident response (ie notification or detection) rose slightly YoY. Attackers typically in environment for 11 days. \n\nDo not believe the headlines around ‘ransomware deployed in 1 hour using AI!!!1!’ - every single incident response org data shows you usually have a week for detection and response before ransomware deployment. You can detect and respond - do it, don’t buy the magic cyber beans.\n\nhttps://cyberplace.social/system/media_attachments/files/114/391/498/166/566/371/original/b27c3f48d66aebdf.jpeg",
"sig": "63b8d10c834fbc8416b357f8b9ead98ddc9ad36cccc663edc4e4f06fd391d9fde1b6298fe5b2c7c3151460a566f0e61908d9c2bb2010c754d8088358975ff3e8"
}