- Joined
- May 15, 2016
- Messages
- 14,226
- Likes
- 2,643
- Points
- 1,730
Data from 2021 shows that it takes hackers an average of 98 minutes to move from the originally hacked machine to other systems.
Cybercriminals began to move through the attacked networks faster and use tools that are harder to detect. This is reported in the new report of the cybersecurity company CrowdStrike for 2022.
According to the report, hackers can get from the initial access point to the endpoints in less than two hours. Data from 2021 shows that it takes attackers an average of 98 minutes to travel from the originally hacked machine to other systems. Although this figure is slightly higher compared to 92 minutes in 2020, it represents a fairly small window during which hackers can penetrate the network before they are detected by security tools and administrators. The 98 minutes also represent a marked decrease from the average of 4 hours and 37 minutes in 2018.
The problem is aggravated by the fact that cybercriminals have become more likely to resort to improvised means in attacks. Hackers are moving away from installing malware locally on endpoints in favor of legitimate system management tools.
Compared to last year, the number of such attacks without the use of malware has increased by 45%, according to the CrowdStrike report. They account for 62% of all recorded attacks. By using only legitimate tools, cybercriminals can traverse networks and access sensitive data without fear of being detected.
Government-funded hackers have stepped up in recent months. In particular, the number of attacks by Iranian hackers has increased.
In addition, cybercriminals working for China are improving their skills in exploiting vulnerabilities.
“Chinese attackers have long developed and deployed exploits to facilitate targeted intrusion operations; however, in 2021 they have shifted their focus away from conventional operating methods. For years, Chinese cybercriminals have relied on exploits that require user action, such as opening a malicious document or other file attached to emails, or visiting a website containing malicious code. In comparison, the exploits deployed by these same cybercriminals in 2021 were largely focused on vulnerabilities in devices or services connected to the Internet,” the report says.
__________________
Cybercriminals began to move through the attacked networks faster and use tools that are harder to detect. This is reported in the new report of the cybersecurity company CrowdStrike for 2022.
According to the report, hackers can get from the initial access point to the endpoints in less than two hours. Data from 2021 shows that it takes attackers an average of 98 minutes to travel from the originally hacked machine to other systems. Although this figure is slightly higher compared to 92 minutes in 2020, it represents a fairly small window during which hackers can penetrate the network before they are detected by security tools and administrators. The 98 minutes also represent a marked decrease from the average of 4 hours and 37 minutes in 2018.
The problem is aggravated by the fact that cybercriminals have become more likely to resort to improvised means in attacks. Hackers are moving away from installing malware locally on endpoints in favor of legitimate system management tools.
Compared to last year, the number of such attacks without the use of malware has increased by 45%, according to the CrowdStrike report. They account for 62% of all recorded attacks. By using only legitimate tools, cybercriminals can traverse networks and access sensitive data without fear of being detected.
Government-funded hackers have stepped up in recent months. In particular, the number of attacks by Iranian hackers has increased.
In addition, cybercriminals working for China are improving their skills in exploiting vulnerabilities.
“Chinese attackers have long developed and deployed exploits to facilitate targeted intrusion operations; however, in 2021 they have shifted their focus away from conventional operating methods. For years, Chinese cybercriminals have relied on exploits that require user action, such as opening a malicious document or other file attached to emails, or visiting a website containing malicious code. In comparison, the exploits deployed by these same cybercriminals in 2021 were largely focused on vulnerabilities in devices or services connected to the Internet,” the report says.
__________________