ZDNet reports that cybercriminals have been spending a median dwell time of 15 days inside compromised networks in 2021, compared with 11 days in 2020, indicating a prolonged duration for performing malicious activities without being detected. Unpatched security flaws have been the most prevalent approach leveraged by attackers in achieving initial network access, accounting for 47% of incidents last year, with the ProxyShell and ProxyLogon vulnerabilities being the most targeted flaws, a Sophos report showed. Inadequate patching practices have been blamed for extended dwell times, which were longest among education entities and small businesses. "We've seen this multiple attackers ending up in the same network, multiple ransomware crews ending up in the same network, the same crew going back into the same network again because the company didn't close the hole in the first place after they've recovered that's what the longer dwell times are," said Sophos Senior Security Advisor John Shier.