Attacker Breakout Time Now Less Than 30 Minutes
Crowdstrike recently released a new report based on investigations with customers across roughly 248,000 unique global endpoints. The investigation centered on determining the average time it takes threat actors to move from initial access to lateral movement. According to CrowdStrike’s findings, the time it takes to complete this movement has fallen by 67% over the past year, putting additional pressure on security operations teams. In over one-third of instructions, adversaries managed to move laterally within a company’s network in just 30 minutes, while the average breakout time was one hour and 32 minutes.
The drastic decrease in the time it takes adversaries to move laterally makes the jobs of incident responders more challenging. Lateral movement is the point in an attack that threat actors are able to discover data and exfiltrate new systems to deploy ransomware on. CrowdStrike stated that once lateral movement occurs, incidents become harder and more costly to resolve. In total, CrowdStrike also detected a 60% increase in attempted intrusions across all geographic regions within the past year.