Less than 19 minutes! That is how long defenders have to react to an attack on a corporate network. Beyond this, hackers can permanently compromise network security and steal as much data as possible. At this game, Russian hackers are by far the strongest. Here is why.





CrowdStrike, an American company specializing in cybersecurity, has just released a report on network attacks. The study looks closely at the time different groups of attackers, including state-sponsored hackers, need to infiltrate a local network. The results are impressive: in just 19 minutes, hackers can compromise the security of the network and access all the sensitive information found there.





The report, which focuses on attacks in 2018, reveals a number of fundamental trends. First of all, a bonus hunt, in which hackers infect machines with "ransomware", a virus that takes computers hostage and demands payment. Conversely, attacks that do not use viruses primarily target the media, technology industries, and education. The researchers also noted a trend towards collaboration between the groups with the most sophisticated methods. In addition, some attacks from China, Iran, and Russia have specifically targeted the telecommunications sector, presumably for espionage activities.

The CrowdStrike report takes stock of current threats. Among the groups of hackers, the fastest are the Russians. They manage to take over a network in less than 19 minutes. © CrowdStrike screenshot





The concept of "breakout time"





Analysts were interested in a specific measure, called "breakout time", literally the time of the escape. Starting from the moment the first computer is compromised by an attack coming from the Internet, the breakout time is the time needed to compromise a second machine on the network. The hardest part is usually finding an entry point. Computers are usually protected against attacks from the Internet, but not against those coming from the internal network. Once attackers control one device, getting past the defenses of the others is much faster.





In this publication, based on the study of more than 30,000 attacks in 2018, Russian teams are by far the most effective. On average, they need just 18 minutes and 49 seconds to compromise a second computer on a network. This means that the administrator of a targeted network has less than 19 minutes to detect the intrusion and block it before the network begins to fall into the hands of the attackers.





The Russians, by far the fastest





Each team and each attack is different, and the calculated times are an average across the groups belonging to each type of actor identified. CrowdStrike has identified five different types, with the Russians largely in the lead. Second place goes to the North Koreans, with an average breakout time of two hours and twenty minutes. Although this time is much longer than that of the Russians, it still leaves a system administrator an extremely short time to detect the intrusion and react. The Chinese groups take third place, with an average time of four hours. Then come the Iranians, with five hours and nine minutes. The last category is electronic crime groups that operate globally, with no specific state affiliation. Their average time is nine hours and forty-two minutes, but the report points out that some of these actors can be very fast and compete with the best of the other groups.



