Russian hacking attacks leave the victim with a mere 19 minutes to respond to an attack, according to data published by computer security company CrowdStrike. By comparison, the second-fastest groups were North Koreans, who needed an average of two hours to jump from the first compromised computer to the second; Chinese groups needed an average of four hours.
Dubbed “breakout time,” the statistic refers to the amount of time it takes the attacker to jump between network nodes once on the network. The statistic also “shows how much time defenders have on average to detect an initial intrusion, investigate it and eject the attacker before sensitive data can be stolen or destroyed,” CrowdStrike analysts wrote in a 2018 post introducing the concept.
The new data is eye-opening. “These stats are driven by a whole variety of factors, among them the skills and capability, the relative risk each is making in their likelihood of getting caught and the consequences. No matter how you look at it, an average of 18 minutes is quite amazing given the scale,” said Peter Singer, an author, most recently, of
the threat posed by Russia remains key in the minds of lawmakers and intelligence professionals.
In 2018, the Russians targeted defense and military entities throughout Europe and NATO as well as think tanks and the PyeongChang Winter Olympic Games.
Chris Krebs, DHS Cybersecurity and Infrastructure Security Agency Director, told defenseone.com recently, “We are doubling down on election security in advance of the 2020 election. Despite what some of the reporting might be, election security and countering foreign influence efforts aren’t going anywhere.”
The CrowdStrike data further cements Russian cyber operators’ reputation as aggressive and effective, echoing earlier analysis.
In a 2017 paper, researchers from Arizona State University revealed that the likelihood of a particular known vulnerability being exploited depended greatly on whether the attackers were Chinese, Russian, American, etc. The researchers looked at Dark Web chatrooms where hackers were actively discussing recently disclosed vulnerabilities to hit the National Vulnerability Database. If the hackers discussing the bug were Chinese, the chance of someone trying to exploit the vulnerability in question was nine percent. But if the conversation was in Russian, the probability of a hacker attempting to exploit the flaw was 40 percent.