March 23, 2026

“M-Trends 2026: Initial Access Time Plummets to Record Low of 22 Seconds

Vaibhav March 23, 2026
M-Trends-2026-Initial-Access-Time-Plummets-to-Record-Low-of-22-Seconds
Post Views: 4

Initial Access Handoff Speed Increases Dramatically Over Past Few Years

The time frame between initial system access and the transfer of control to a secondary threat group has dramatically shortened in recent years.

Average Time Frame Decreases from Hours to Seconds

In 2022, this period averaged eight hours, but by 2025, it had shrunk to just 22 seconds.

According to research, this rapid change suggests closer collaboration between initial access providers and secondary groups, possibly through automated processes where initial access brokers directly deliver malware on behalf of secondary groups rather than listing available access on cybercrime platforms.

Infection Vectors Shift Towards Exploits

Infection vectors have shifted, with exploits now accounting for 32% of cases, surpassing phishing, prior compromise, and stolen credentials.

  • Phishing has declined from 22% in 2022 to just 6% in 2025.
  • The top vulnerabilities exploited included the SAP NetWeaver vulnerability (CVE-2025-31324), the Oracle EBS flaw (CVE-2025-61882), and the SharePoint flaw (CVE-2025-53770).

Improvement in Incident Discovery Rates

Incident discovery rates have improved, with breaches detected internally in 52% of cases and externally in 34%.

Dwell times, however, remain a concern, with a median duration of 14 days in 2025, a slight increase from previous years.

This is partly attributed to sophisticated attackers like North Korean IT workers and cyberespionage actors who aim to evade detection for extended periods.

Financial Motives Drive Approximately 30% of Attacks

Financial motives drive approximately 30% of attacks, while 40% involve data theft.

  • High-tech companies are the primary targets, followed by those in the financial, business services, and healthcare sectors.
  • The emergence of new malware families continues, with 714 identified in 2025, including those targeting Linux and macOS.

Cloud-related compromises are increasingly prevalent, with voice phishing being the most common initial vector, mainly attributed to ShinyHunters and Scattered Spider activity.

Regional Trends Show Higher Risks in Certain Countries

The global threat landscape demands constant vigilance and adaptation from organizations, requiring them to invest in robust security measures to protect against evolving threats.


Blog Image

About Author

Vaibhav

See author's posts

More Stories

India-Cyber-Crime-on-Rise-1-054-Crore-Lost-to-Scammers-in-4-Years

India Cyber Crime on Rise: ₹1,054 Crore Lost to Scammers in 4 Years

Vaibhav March 23, 2026
Cyber-Frauds-in-India-1-054-Crore-Lost-in-4-Years-Concerns-Over-Weak-Systems

Cyber Frauds in India: ₹1,054 Crore Lost in 4 Years, Concerns Over Weak Systems

Vaibhav March 23, 2026
Small-Payments-Hiding-Big-Security-Risks-Understanding-Cyber-Threats-Behind-Tiny-Transaction-Frauds

Small Payments Hiding Big Security Risks: Understanding Cyber Threats Behind Tiny Transaction Frauds

Vaibhav March 23, 2026

Latest Cyber Security News

Devices-Most-Vulnerable-to-Hacking-Threats-in-2026-A-Forecast-Analysis

“Devices Most Vulnerable to Hacking Threats in 2026: A Forecast Analysis

Vaibhav March 23, 2026
Boosting-Security-Operations-with-Broadcom-s-XDR-Solution-for-Under-Resourced-Teams

“Boosting Security Operations with Broadcom’s XDR Solution for Under-Resourced Teams

Vaibhav March 23, 2026
Gujarat-Cyber-Fraud-Alarms-Rise-Among-Senior-Citizens

Gujarat Cyber Fraud Alarms Rise Among Senior Citizens

Vaibhav March 23, 2026
Cyber-Scam-Uncovered-in-Balrampur-58-Crores-Recovered-5-Accused-Held

Cyber Scam Uncovered in Balrampur: ₹58 Crores Recovered, 5 Accused Held

Vaibhav March 23, 2026
Secure-AI-and-the-Data-It-Rely-On-A-Comprehensive-Guide

Secure AI and the Data It Rely On: A Comprehensive Guide

Vaibhav March 23, 2026
en_USEnglish
en_USEnglish