CrowdStrike research shows adversaries took just 79 minutes, on average to ‘breakout’ of their initial beach head into a victim’s system – with fastest recorded time being just seven minutes.
New research from CrowdStrike shows cybercriminals are getting faster at breaching victim’s systems, with the average ‘breakout time’ falling globally by six per cent since 2022 – from 84 minutes to 79 minutes.
The research reveals Chinese cyber adversaries heavily targeted the APAC region over others – targeting 14 sectors compared to only six in the Americas and two in EMEA.
Globally, financial service firms are shown to have suffered an 80% increase in cyberattacks.
Within the APAC region, technology companies were the most targeted, attracting 26% of all attacks.
Telco (12%), retail (11%), financial services (8%) and manufacturing (7%) making up the rest of the top five.
The rise in global attacks on financial service firms was driven, in part, by an uptick in activity originating from North Korea.
The intelligence is outline in the CrowdStrike 2023 Threat Hunting Report.
The company’s sixth annual edition of the report, which covers attack trends and adversary tradecraft observed by CrowdStrike’s threat hunters and intelligence analysts, exposes a massive increase in identity-based intrusions, growing expertise by adversaries targeting the cloud, a 3x spike in adversary use of legitimate remote monitoring and management (RMM) tools and that record low in adversary breakout time.
Covering adversary activity between July 2022 and June 2023, the report is the first to be published by CrowdStrike’s newly unveiled Counter Adversary Operations team, which was officially announced at Black Hat USA 2023.
Key findings from the report include:
- Within the APJ region, technology companies were the most targeted, attracting 26% of all attacks, with telco (12%), retail (11%), financial services (8%) and manufacturing (7%) making up the rest of the top five.
- Chinese adversaries showed a strong interest in regional APJ targets, targeting 14 different industry types, compared to only 6 in the Americas and 2 in EMEA.
- Adversary breakout time hits an all-time low of 79 minutes: The average time it takes an adversary to move laterally from initial compromise to other hosts in the victim environment fell from the previous all-time low of 84 minutes in 2022 to a record 79 minutes in 2023. Additionally, the fastest breakout time of the year was recorded at just seven minutes.
- The financial industry saw a stunning 80% YoY increase in interactive intrusions: Defined as intrusions that use hands-on keyboard activity, interactive intrusions were up 40% overall.
- Access Broker advertisements increase by 147% on criminal or underground communities: Ready access to valid accounts for sale lowers the barrier to entry for eCrime actors looking to conduct criminal operations and allow established adversaries to hone their post-exploitation tradecraft to achieve their objectives with more efficiency.
“In our tracking of over 215 adversaries in the past year, we have seen a threat landscape that has grown in complexity and depth as threat actors pivot to new tactics and platforms, such as abusing valid credentials to target vulnerabilities in the cloud and in software,” said Adam Meyers, head of Counter Adversary Operations, CrowdStrike.
“When we talk about stopping breaches, we cannot ignore the undeniable fact that adversaries are getting faster and they are employing tactics intentionally designed to evade traditional detection methods. Security leaders need to ask their teams if they have the solutions required to stop lateral movement from an adversary in just seven minutes.”
