The amount of time it took a threat actor to move laterally across a network decreased by 67% between 2020 and 2021, according to CrowdStrike's latest Threat Hunting Report released Wednesday.
The report, titled "Nowhere to Hide, 2021 Threat Hunting Report: Insights from the Falcon OverWatch Team," is the latest in a series of annual studies published by CrowdStrike's managed threat hunting team. The roughly 70-page report covers all manner of insights related to threat response and represents the period between July 1, 2020 to June 30 of this year.
One of the key statistics in the report involves breakout times -- the time it takes for a threat actor to move laterally from one compromised host to another within the same network.
The average breakout time in the past year was 1 hour 32 minutes, down from 4 hours 37 minutes in 2020. The report adds that "OverWatch found that in 36% of those intrusions, the adversary was able to move laterally to additional hosts in less than 30 minutes." Conversely, CrowdStrike's 2019 report showed an increase in breakout time from 1 hour 58 minutes to 4 hours 37 minutes.
Param Singh, vice president of Falcon OverWatch at CrowdStrike, told SearchSecurity that he sees two reasons why the average breakout time decreased: ransomware as a service and the move to bigger targets. Specifically, ransomware as a service has lowered the barrier for would-be cybercriminals to conduct attacks, and the ecosystem has created more powerful tools and methods to deal with larger networks.
"If you go back five years, ransomware attackers were going after individuals. Today, they ..
Support the originator by clicking the read the rest link below.
