Introduction

In 2024, threat actors significantly reduced the time required to move from initial access to lateral movement within networks [1] [2]. This development poses a substantial challenge for network defenders, as attacks become increasingly difficult to detect and contain [1].

Description

In 2024, threat actors moved from initial access to lateral movement (the breakout time) 22% faster than the previous year, with the average breakout time decreasing to 48 minutes [1] [2]. The fastest recorded breakout time was just 27 minutes [1]. This is a concerning trend for network defenders, because attacks become increasingly difficult to detect and contain once adversaries reach this stage [1].

ReliaQuest noted that organizations relying solely on manual incident containment strategies face a mean time to contain (MTTC) of 8 hours and 12 minutes, leaving them vulnerable to attackers who can infiltrate networks in under 30 minutes [1]. The increase in breakout speed is attributed to several factors, including a more than 50% rise in infostealer logs on the dark web and a 142% surge in initial access broker (IAB) listings [1].

In 2024, 50% of hands-on-keyboard activities used valid or exposed credentials for initial access, and 66% of ransomware incidents involved IAB-related access [1]. IABs have become increasingly significant because they facilitate quicker breaches by providing attackers with immediate entry, often with admin-level privileges or pre-installed backdoors [1]. This trend is further accelerated by the efficiency of Ransomware-as-a-Service (RaaS) operations and the use of AI tools, which enhance the speed of penetration testing and vulnerability exploitation [2]. Additionally, RaaS groups are employing specialized tactics, such as help-desk scams, to expedite their operations [2], allowing for quicker deployment of ransomware or data theft [1].

Conclusion

The rapid evolution of cyber threats necessitates a shift in defensive strategies. Organizations are urged to adopt automated incident response measures and integrate automated response playbooks to enhance their ability to manage incidents effectively. As threat actors continue to refine their techniques, the importance of proactive and adaptive cybersecurity measures will only grow, underscoring the need for continuous innovation in defense mechanisms.

References

[1] https://www.infosecurity-magazine.com/news/breakout-time-accelerates-22/
[2] https://www.hendryadrian.com/racing-the-clock-outpacing-accelerating-attacks-reliaquest/