Russian nation-state hackers are nearly 12 times faster on average than their Chinese counterparts when it comes to “breakout” speed – the time between compromising the first machine and when they can move laterally to other systems on the network.
That’s according to California-based CrowdStrike’s annual threat report, published today, which it says is based on more than 30,000 breach attempts stopped in 2018.
The cybersecurity company says Russian nation-state actors were the fastest adversaries, with an average breakout time of 18:49 minutes, more than 12 times faster than Chinese nation-state actors, who are either less technically adept or just more cagey: their average is 4:00:26 hours. (North Koreans were second fastest, at 2:20:14 hours.)
The report focuses on Russian, North Korean, Chinese, Iranian and eCrime actors. (No comparative speeds are given for British, French, Israeli or US nation-state hackers – unlikely as they are to be identified or tracked by the company – all of whom are regarded by industry experts as being among the world’s best.)
Averages, of course, paint a lopsided picture: when Jeff Bezos walks into a room, everyone becomes a billionaire, on average; CrowdStrike says it hopes to offer more granular metrics next time.
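To make the metric concrete, here is an added Python example (not from CrowdStrike or the report) that computes breakout time, first compromise to first activity on another host, from constructed endpoint telemetry, then contrasts the mean with the median to show how one slow intrusion skews the average. The event fields, incident IDs, hostnames and timestamps are assumptions, not a real EDR schema.

```python
from datetime import datetime
from statistics import mean, median

# Constructed sample telemetry (assumed field names, not a real EDR schema).
EVENTS = [
    {"incident": "inc-1", "ts": "2018-03-01T09:00:00", "host": "ws-01", "event": "initial_access"},
    {"incident": "inc-1", "ts": "2018-03-01T09:10:00", "host": "ws-01", "event": "privilege_escalation"},
    {"incident": "inc-1", "ts": "2018-03-01T09:18:49", "host": "srv-02", "event": "remote_logon"},
    {"incident": "inc-2", "ts": "2018-05-12T22:00:00", "host": "ws-07", "event": "initial_access"},
    {"incident": "inc-2", "ts": "2018-05-12T22:20:00", "host": "ws-07", "event": "credential_dump"},
    {"incident": "inc-2", "ts": "2018-05-13T02:00:26", "host": "dc-01", "event": "remote_logon"},
    {"incident": "inc-3", "ts": "2018-07-04T03:00:00", "host": "ws-11", "event": "initial_access"},
    # inc-3 was contained on the first host, so it never reaches breakout.
    {"incident": "inc-4", "ts": "2018-09-09T11:00:00", "host": "ws-20", "event": "initial_access"},
    {"incident": "inc-4", "ts": "2018-09-09T11:25:00", "host": "srv-05", "event": "remote_logon"},
]

def breakout_time(events):
    """Seconds from the first initial_access to the first event on a different host, or None."""
    ordered = sorted(events, key=lambda e: e["ts"])  # ISO-8601 strings sort chronologically
    first = next((e for e in ordered if e["event"] == "initial_access"), None)
    if first is None:
        return None
    t0 = datetime.fromisoformat(first["ts"])
    for e in ordered:
        t = datetime.fromisoformat(e["ts"])
        if t >= t0 and e["host"] != first["host"]:
            return (t - t0).total_seconds()
    return None  # no lateral move observed: the intrusion was stopped on the beachhead

def breakout_by_incident(events):
    """Map incident id -> breakout time in seconds (None when no breakout occurred)."""
    by_inc = {}
    for e in events:
        by_inc.setdefault(e["incident"], []).append(e)
    return {inc: breakout_time(evs) for inc, evs in by_inc.items()}

def summarize(times):
    """Mean and median of observed breakout times; a single slow intrusion drags the mean up."""
    observed = [t for t in times if t is not None]
    if not observed:
        return None
    return {"n": len(observed), "mean_s": mean(observed), "median_s": median(observed)}

def fmt(seconds):
    """Render seconds as H:MM:SS, the style the report uses (e.g. 18:49 -> 0:18:49)."""
    h, rem = divmod(int(seconds), 3600)
    m, s = divmod(rem, 60)
    return f"{h}:{m:02d}:{s:02d}"

if __name__ == "__main__":
    per_incident = breakout_by_incident(EVENTS)
    stats = summarize(per_incident.values())
    print({k: (fmt(v) if v is not None else "no breakout") for k, v in per_incident.items()})
    print("mean", fmt(stats["mean_s"]), "median", fmt(stats["median_s"]))
```

On the constructed data the mean is 1:34:45 while the median is 0:25:00, which is the lopsidedness the article warns about.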
“We are in an Arms Race”
CrowdStrike said: “This report’s findings on adversary tradecraft and speed reflect what many defenders already know: we are in a veritable ‘arms race’ for cyber superiority.”
“However, there are some important differences between an arms race in the cybersphere versus the physical world: In cyberspace, any player can potentially become a superpower. The capital costs are alarmingly low, compared to funding a physical war machine.”
One of the most significant trends in eCrime for 2018 was the continued rise of “Big Game Hunting,” the practice of using targeted, intrusion-style tactics to deploy ransomware across large organizations, the company said.
Another trend identified by CrowdStrike Intelligence is that the industries at the top of the target list for malware-free intrusions include media, technology and academia; these sectors need to aggressively strengthen their defenses against more sophisticated, modern attacks, the company notes.
“As companies continue to strengthen their security postures, adversaries are adopting more sophisticated techniques to hide their exploits and maintain their foothold,” said Jennifer Ayers, vice president of OverWatch and Security Response at CrowdStrike.
“Augmenting prevention, detection, and response with vigilant, real-time, 24/7 threat hunting is required to identify the clandestine actions of these actors as soon as possible in situations where time is of the essence.”