Russian state-sponsored attackers take just 20 minutes to infiltrate networks, claims CrowdStrike
North Korean threat groups are the second fastest
Russian state-sponsored attackers are the fastest among the top cyber adversaries at breaching networks, according to CrowdStrike's 2019 Global Threat Report, which ranks threat actors from Russia, North Korea, Iran and China by their "breakout time".
Breakout time refers to the time taken by an intruder from breaching the first system on a network to gaining broader access across the network. The metric is crucial for organisations as they have only that much time to identify the infected systems and isolate them before further attacks compromise the entire network.
The report finds that the 'breakout time' continues to shrink as attackers hone their skills and tactics. Russian nation-state actors, such as Fancy Bear, are the fastest adversaries with an average breakout time of less than 19 minutes.
The report, which is based on an analysis of more than 30,000 breach attempts in 2018, ranks North Korean nation-state actors as the second fastest with an average breakout time of 2 hours 20 minutes 14 seconds.
Chinese state-sponsored groups averaged 4 hours and 26 seconds, while Iranian threat groups averaged 5 hours 9 minutes 4 seconds.
Independent global cybercrime actors, also called eCrime actors, were the slowest adversaries in 2018 with an average breakout time of nine hours 42 minutes 23 seconds - although some eCrime groups can compete with even the fastest nation-states.
According to the report, nation-state adversaries operated constantly throughout 2018, targeting foreign powers, regional adversaries and dissidents to gather information for decision-makers.
Many countries claimed through diplomatic channels and the media that they were taking steps to curb cyber-activities, but nothing concrete was done on the ground. About 50 per cent of the nation-state attacks identified in 2018 were carried out by threat groups based in North Korea and China.
Sixty per cent of all cyber-attacks involved some form of malware.
It was also noted that cybercrime gangs are now adopting the strategy of "big game hunting", in which they conduct targeted attacks against big organisations and demand huge ransoms.
"As companies continue to strengthen their security postures, adversaries are adopting more sophisticated techniques to hide their exploits and maintain their foothold," said Jennifer Ayers, vice president of OverWatch and Security Response at CrowdStrike.
"Augmenting prevention, detection, and response with vigilant, real-time, 24/7 threat hunting is required to identify the clandestine actions of these actors as soon as possible in situations where time is of the essence," she added.