草莓传媒

World’s fastest hackers? Russian nation-state ‘bears’

'It's not a matter of if, but when' (James Yeager, vice president of CrowdStrike, talks cybersecurity defense with 草莓传媒's J.J. Green)

Criminal hackers working on behalf of the Russian government are the fastest, by far, among all nation-state actors at breaking into computer networks and reaching other connected systems, a new threat report has found.

“Bears,” as they are called in the report, registered an average “breakout time” of 18 minutes and 49 seconds.

James Yeager, vice president of public sector and health care at the firm, defines breakout time as “the critical window between when an intruder compromises the first machine and when they can move laterally to other systems on the network.”

CrowdStrike’s report said North Korean hackers, called “Chollimas,” are the second-fastest, with an average breakout time of 2 hours, 20 minutes and 14 seconds. Chinese nation-state actors, known as “pandas,” were clocked at 4 hours, 0 minutes and 26 seconds. “Kittens” are Iranian nation-state actors, who average 5 hours, 9 minutes and 4 seconds.

A separate group of hackers called eCrime actors, or “spiders,” averaged 9 hours, 42 minutes and 23 seconds. But the report noted some eCrime actors are just as fast as highly skilled nation-state actors.

CrowdStrike based its ratings on more than 30,000 breach attempts that were thwarted in 2018. The report draws on threat data from the firm’s proprietary platforms, including a large, scalable, cloud-based graph database that processes 1 trillion events a week across 176 countries.

The hackers are principally engaged in an activity called “big game hunting.” Yeager said that’s “the practice of combining targeted, intrusion-style tactics for the deployment of ransomware across large enterprises.”

In addition to big game hunting, CrowdStrike identified a trend of increased collaboration between highly sophisticated eCrime threat actors. The report said, “The use of geo-targeting to support multiple eCrime families was observed through a variety of tactics.”

The industries at the top of the target list for malware-free intrusions include media, technology and academia, highlighting the need to aggressively strengthen their defenses against more sophisticated, modern attacks.

To defend against such aggressive actors, Yeager recommended what he calls the 1-10-60 strategy.

“You need to be able to detect an intrusion in 60 seconds or less, [and] perform a full investigation within 10 minutes or less. And, within an hour, you need to be able to fully remediate the intrusion and kick the bad guys out of your environment,” Yeager said.
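The following is an added illustration, not code from the article or from CrowdStrike, of how a security operations team might score its own incident timelines against the 1-10-60 benchmark and the breakout times quoted above. It assumes each phase of 1-10-60 is measured from the end of the previous one (detect within 1 minute of the first compromise, investigate within 10 minutes of detection, remediate within 60 minutes of the investigation closing); the incident timelines in `sample_timelines` are constructed for the example.

```python
"""Score incident response timelines against the 1-10-60 benchmark and the
average breakout times reported in the article. Added example; the timelines
below are constructed, not real incidents."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# 1-10-60 phase budgets. Assumption: each phase is measured from the end of
# the previous phase rather than cumulatively from first compromise.
ONE_TEN_SIXTY = {
    "detect": timedelta(minutes=1),
    "investigate": timedelta(minutes=10),
    "remediate": timedelta(minutes=60),
}

# Average breakout times as quoted in the article (first compromise to the
# point at which the intruder can move laterally).
BREAKOUT_TIMES = {
    "bears (Russia)": timedelta(minutes=18, seconds=49),
    "chollimas (North Korea)": timedelta(hours=2, minutes=20, seconds=14),
    "pandas (China)": timedelta(hours=4, minutes=0, seconds=26),
    "kittens (Iran)": timedelta(hours=5, minutes=9, seconds=4),
    "spiders (eCrime)": timedelta(hours=9, minutes=42, seconds=23),
}


@dataclass
class IncidentTimeline:
    name: str
    first_compromise: datetime  # initial foothold on the first machine
    detected: datetime          # alert raised and acknowledged
    investigated: datetime      # scope and root cause understood
    remediated: datetime        # attacker access fully removed


def phase_durations(t: IncidentTimeline) -> dict:
    """Elapsed time for each 1-10-60 phase, measured phase by phase."""
    return {
        "detect": t.detected - t.first_compromise,
        "investigate": t.investigated - t.detected,
        "remediate": t.remediated - t.investigated,
    }


def meets_1_10_60(t: IncidentTimeline) -> dict:
    """True for each phase whose duration is within its 1-10-60 budget."""
    durations = phase_durations(t)
    return {phase: durations[phase] <= budget for phase, budget in ONE_TEN_SIXTY.items()}


def contained_before_breakout(t: IncidentTimeline) -> dict:
    """Did remediation finish before each group's average breakout time?

    This compares total time from first compromise to remediation, since
    breakout time is measured from the first compromise.
    """
    total = t.remediated - t.first_compromise
    return {group: total < breakout for group, breakout in BREAKOUT_TIMES.items()}


def one_ten_sixty_total_seconds() -> int:
    """Worst-case end-to-end response time allowed by 1-10-60, in seconds."""
    return int(sum(ONE_TEN_SIXTY.values(), timedelta()).total_seconds())


def sample_timelines() -> dict:
    """Constructed timelines used to exercise the scoring functions."""
    t0 = datetime(2019, 3, 1, 9, 0, 0)
    return {
        "fast": IncidentTimeline("fast", t0, t0 + timedelta(seconds=45),
                                 t0 + timedelta(minutes=8), t0 + timedelta(minutes=15)),
        "slow": IncidentTimeline("slow", t0, t0 + timedelta(minutes=2),
                                 t0 + timedelta(minutes=30), t0 + timedelta(hours=2)),
    }


if __name__ == "__main__":
    for t in sample_timelines().values():
        print(t.name, meets_1_10_60(t), contained_before_breakout(t))
```

One point the scoring makes visible: the three 1-10-60 budgets add up to 71 minutes, which is longer than the 18 minute 49 second average breakout time reported for the Bears, so a team that merely meets 1-10-60 may still finish remediation after a Russian actor has already had the chance to move laterally; only the detection and investigation phases realistically fit inside that window.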


J.J. Green

JJ Green is 草莓传媒's National Security Correspondent. He reports daily on security, intelligence, foreign policy, terrorism and cyber developments, and provides regular on-air and online analysis. He is also the host of two podcasts: Target USA and Colors: A Dialogue on Race in America.
