Russian Cyberattackers are in and Gone in Less than 20 Minutes
Russian cyberattackers are almost eight-times faster at taking advantage of a compromised system compared to other nation-state actors, a tribute to their operational tradecraft, according to Crowdstrike’s 2019 Global Threat report.
An analysis of what Crowdstrike calls “breakout time” shows the Russians are quicker, by a factor of eight, at moving laterally through a system and accomplishing their primary objectives then their next closest competitor, the North Koreans.
The report noted this level of accomplishment is even more impressive considering the North Korean threat teams themselves are twice as fast as the third-place Chinese crews. Iran was the fourth quickest while various cybercrime actors were fifth. Russians are typically able to do this in just under 19 minutes, compared to two and a half hours for the North Koreans and four hours eight minutes for the Chinese.
One bit of good news in this category is that overall the average breakout time across all threats in 2019 was four hours and 37 minutes, more than twice as long as the one hour and 58 minutes logged by Crowdstrike in 2017. The report credited two possible factors for this jump. An increase in the number of slower attackers and more organizations deploying next-generation endpoint security.
In order to combat effective attackers like the Russians, Crowdstrike recommends companies employee the 1-10-60 rule. This requires an intrusion be detected in under a minute, a full investigation be performed in 10 minutes and the adversary eradicated from the system within an hour.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise