Attackers achieving network intrusions in just under 4.5 hours

Threat actors are getting faster at infiltrating networks and executing attacks, according to ReliaQuest, whose annual security report found that the time from infiltration to exploitation of data is less than four-and-a-half hours.

The security provider said an attacker can move from the initial compromise to lateral movement (aka “total pwnage”) in roughly 48 minutes on average. From there, the threat actors skip across a network until they can access the database holding sensitive information such as customer details.

In total, the process will take 4 hours and 29 minutes on average, well under the threshold for administrators to spot and resolve an attack.

“Once attackers have a foot in the door, their path forward is clear; escalate privileges, move laterally, and achieve their objectives — whether that’s stealing sensitive data or crippling operations,” the ReliaQuest team explained.

“Post-exploitation is where the real damage happens, and attackers are moving faster than ever.”

According to ReliaQuest, the problem is that the bad guys are not using any sort of novel tactics or zero-day exploits to infiltrate their targets. Rather, it is the same old song and dance of social engineering via phishing emails and targeted cons against high-value targets, such as senior executives and administrators.

“Though attackers are moving faster, they’re still using tried-and-tested methods like phishing to achieve initial access,” the researchers explained.

“They cast a wide net, indiscriminately targeting organizations with minimal effort and often causing significant damage. The year’s high count of disclosed vulnerabilities provided cybercriminals with entry points, while software suppliers remained a top target as a way to infiltrate organizational networks.”

For ReliaQuest, which specializes in the use of AI in network monitoring and security response, the answer is unsurprisingly the adoption of AI security solutions. The security provider suggested that having AI agents on the ground monitoring activity can help organizations spot and resolve breaches in real time.

“Time is the enemy in cybersecurity,” said Michael McPherson, ReliaQuest senior vice president of technical operations.

“Attackers are moving faster than ever, which means our defenses must speed up as well. Manual responses are no longer sufficient to stop today’s threats. We have to take advantage of automation and AI to stay ahead.”

Cynicism aside, the vendor makes a solid point. The figures presented in the report show that as attackers become more efficient in scouting and penetrating their targets, network defenders should probably look to AI as a means for catching and resolving attack attempts that in some cases could be targeting the administrator’s own credentials.

“Attackers are abusing high-privileged, valid accounts at both the domain and local levels to achieve short breakout times,” ReliaQuest said in its report.

“Once inside an environment, attackers quickly assess the permissions of the compromised account.”

Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.
