M-Trends 2026: Initial Access Time Plummets to Record Low of 22 Seconds

Initial Access Handoff Speed Increases Dramatically Over Past Few Years

The time frame between initial system access and the transfer of control to a secondary threat group has dramatically shortened in recent years.

Average Time Frame Decreases from Hours to Seconds

In 2022, this period averaged eight hours, but by 2025, it had shrunk to just 22 seconds.

According to research, this rapid change suggests closer collaboration between initial access providers and secondary groups, possibly through automated processes where initial access brokers directly deliver malware on behalf of secondary groups rather than listing available access on cybercrime platforms.

Infection Vectors Shift Towards Exploits

Infection vectors have shifted, with exploits now accounting for 32% of cases, surpassing phishing, prior compromise, and stolen credentials.

  • Phishing has declined from 22% in 2022 to just 6% in 2025.
  • The top vulnerabilities exploited included the SAP NetWeaver vulnerability (CVE-2025-31324), the Oracle EBS flaw (CVE-2025-61882), and the SharePoint flaw (CVE-2025-53770).

Improvement in Incident Discovery Rates

Incident discovery rates have improved, with breaches detected internally in 52% of cases and externally in 34%.

Dwell times, however, remain a concern, with a median duration of 14 days in 2025, a slight increase from previous years.

This is partly attributed to sophisticated attackers like North Korean IT workers and cyberespionage actors who aim to evade detection for extended periods.

Financial Motives Drive Approximately 30% of Attacks

Financial motives drive approximately 30% of attacks, while 40% involve data theft.

  • High-tech companies are the primary targets, followed by those in the financial, business services, and healthcare sectors.
  • The emergence of new malware families continues, with 714 identified in 2025, including those targeting Linux and macOS.

Cloud-related compromises are increasingly prevalent, with voice phishing being the most common initial vector, mainly attributed to ShinyHunters and Scattered Spider activity.

Regional Trends Show Higher Risks in Certain Countries

The global threat landscape demands constant vigilance and adaptation from organizations, requiring them to invest in robust security measures to protect against evolving threats.

