Hackers Now Need Roughly an Hour for a Network Takeover

After initially breaching a victim's network, hackers usually deploy additional tools and measures that allow them to perform what is commonly called "lateral movement" across a network. Researchers working with infosec firm CrowdStrike recently published a report on their observations from the year 2021.

The report shows that the time hackers need to go from initial breach to full lateral movement has been dropping dramatically.

Lateral movement is usually defined as the set of actions and tools employed by a threat actor once they have gained initial access to a network. This includes deploying counter-detection measures, gaining access to as many connected devices as possible, and accessing their contents.

Once an attack moves from initial breach to full lateral movement, it becomes significantly more difficult for the victim's IT security team to deal with the situation and contain it.

In this sense, the big decrease in the time threat actors need to go from initial access to lateral movement is a significant issue. CrowdStrike sourced the data for its report from over a quarter million customer endpoints.

The collated data shows that while on average the so-called "breakout time" to go from first access to lateral movement was just over an hour and a half, a sizable portion of attacks managed to break out in less than 30 minutes. This is bad news for security teams across the world, as once lateral movement is achieved, the network is wide open for the deployment of ransomware, for example. This makes a lightning-fast first response a crucial point in security.

To make matters worse, more than half of the attacks tracked by CrowdStrike did not use discrete malicious tools. Instead, attacks abused vulnerabilities in legitimate software, which makes detection that much more difficult.

While ransomware remains as popular as ever, the security report also noted that attacks focused on cryptojacking and exploiting victim systems to mine crypto illegally increased twofold compared to last year.
