AttackClock
The Full Lifecycle of Cyber Risk — In Real Time
VCRI A Value Chain Risk Institute Research Project
✉ Ask Cairn ⚠ Assess Your Vendors →

Data sourced from CISA, IBM, Mandiant, Coveware, and open research. Updated regularly.

The Attack Timeline

Median durations across each stage of a typical breach lifecycle

By Attack Type

How long each class of attack persists before detection or resolution

Router Threat Dashboard

Consumer router infrastructure — an active and growing attack surface

FCC Action: On March 23, 2026, the FCC banned all foreign-made consumer routers from new authorization in the United States.
125M
Foreign routers in US households
Already deployed and unpatched
5+ yrs
Volt Typhoon dwell time
CISA AA24-038A
260K
Flax Typhoon devices
FBI/CISA disruption 2024
500K
VPNFilter devices
54 countries, 2018

Learn more about VCRI's Conditional Approval methodology →

About

AttackClock aggregates open-source threat intelligence to show the full lifecycle of cyber risk — from vulnerability disclosure through exploitation, dwell time, detection, and recovery.

Data from: CISA KEV, IBM Cost of Data Breach, Mandiant M-Trends, Coveware, Zero Day Clock, NVD, and other open sources.

Built by Cairn. A project of the Value Chain Risk Institute.