The M-Trends 2026 report reveals a significant shift in the cyber threat landscape, highlighting a divergence between rapid cybercriminal operations and stealthy espionage. Key metrics show that global median dwell time has increased to 14 days, while exploits remain the primary infection vector for the sixth consecutive year. Notably, the report identifies a dramatic collapse in the hand-off window between initial access brokers and ransomware operators, shrinking from hours to just 22 seconds, which allows for near-instantaneous high-impact operations.
Adversaries are increasingly pivoting toward highly interactive voice phishing (vishing) to bypass MFA and target SaaS environments, moving away from traditional email phishing. Ransomware tactics have also evolved into recovery denial, where attackers systematically destroy backup infrastructure and hypervisors to render virtual machines inoperable. Additionally, espionage groups are leveraging edge devices and zero-day vulnerabilities to achieve extreme persistence, often remaining undetected for over a year by exploiting devices that lack standard endpoint monitoring telemetry.
Top comments (0)