"Attacker Breakout Time Now Less Than 30 Minutes"

Researchers at CrowdStrike discovered that the average time it takes threat actors to move from initial access to lateral movement has fallen by 67% over the past year, putting extra pressure on security operations (SecOps) teams.  The findings come from the security firm’s own investigations with customers across around 248,000 unique global endpoints.  For incidents where this “breakout time” could be derived over the past year, it averaged just 1 hour 32 minutes. However, in over a third (36%) of intrusions, adversaries managed to move laterally to additional hosts in under 30 minutes.  The researchers also found that threat actors are becoming more stealthy. In 68% of detections indexed by CrowdStrike, no malware was used at all. This means “living off the land” techniques and legitimate tooling were employed to stay under the radar of traditional security tools.  In total, the vendor detected a 60% increase in attempted intrusions across all verticals and geographic regions between July 2020 and June 2021 versus a year previous.  When it came to targeted intrusions, China-based threat actors were the most prolific by far, accounting for 67% of incidents.
 

Infosecurity reports: "Attacker Breakout Time Now Less Than 30 Minutes"