In recent research conducted by ReliaQuest, it has been found that the average time it takes for an attacker to move laterally after gaining initial access, known as breakout time, has significantly decreased to just 48 minutes. This represents a 2% increase in speed from the previous year, with some of the fastest recorded attacks taking as little as 27 minutes. The report titled “Racing the Clock: Outpacing Accelerating Attacks” highlights the alarming trend of cybercriminals increasing their attack speeds and evolving their tactics to expedite attacks.
One of the key factors contributing to the increase in attack speeds is the surge in Infostealers and Initial Access Brokers (IABs). Information-stealing malware saw a nearly doubled increase in 2024, with cybercriminals using stolen credentials to gain quick access to networks. Additionally, listings from IABs, which sell access to compromised systems, saw a massive spike of 142%. This trend indicates a growing reliance on stolen information to facilitate faster attacks.
Another significant trend identified in the report is the refinement of Ransomware-as-a-Service (RaaS) operations. Ransomware affiliates are adopting new and specialized strategies, such as help-desk scams, to deceive employees into granting them access. This evolution in tactics allows attackers to exploit vulnerabilities more efficiently and effectively, further reducing the time to exploitation.
Furthermore, threat actors are now utilizing artificial intelligence to automate reconnaissance, identify vulnerabilities faster, and refine attack strategies. By leveraging AI-driven attacks, cybercriminals are able to significantly reduce the time it takes to exploit systems and networks, posing a greater threat to organizations and their cybersecurity defenses.
In response to the escalating pace of cyber attacks, ReliaQuest emphasizes the importance of implementing automated defense mechanisms to match and surpass the speed of adversaries. The report underscores the necessity of incorporating automation into threat detection and response efforts, as manual processes are far too slow to contain attacks in a timely manner. Companies that utilize automated response playbooks can reduce containment time to under five minutes, highlighting the effectiveness of rapid defense strategies.
Key recommendations from the report include implementing automated response tools to detect and contain threats before they escalate, enhancing monitoring for exposed credentials on dark web marketplaces, strengthening authentication measures such as multi-factor authentication (MFA) and privileged access management (PAM), and regularly patching vulnerabilities to minimize exploitation windows.
In conclusion, traditional, manual defenses are no longer sufficient to combat the evolving tactics of cybercriminals. As the race for cybersecurity heats up, organizations must leverage automated tools and strategies to keep pace with the increasing speed of attacks. By adopting rapid and automated defense mechanisms, companies can better protect their systems and networks from malicious actors in the ever-changing cybersecurity landscape.