Russian State Hackers Take Minutes to Move Laterally

There was a major rise in Chinese state-sponsored cyber-activity in 2018 while Russian actors were by far the most operationally effective, according to the latest report from CrowdStrike. The security vendor’s 2019 Global Threat Report tracked the relatively new metric of “breakout time” which measures how quickly a hacker manages lateral movement following an initial incursion. In so doing, CrowdStrike believes IT teams will be better able to understand how quickly they need to respond to and contain threats. The vendor noted an average breakout time across all intrusions and threat actors of 4 hours 37 minutes. However, this varied considerably, with cyber-criminals averaging 9 hours 42 mins at one end but Russian state hackers doing the same job in just 18 minutes. Next fastest were North Korean actors with an average breakout time of 2 hours 20 minutes. China topped the list of most targeted intrusions, with a particular focus in 2018 on upstream telecoms companies as a way of compromising government targets in Asia.