Attack Breakout Time Drops To Just 84 Minutes

I have some bad news if you’re responsible for defending your organization against threat actors.

Attackers reduced the average time required to move laterally through systems by 14% last year, down to just 84 minutes, according to a new report from CrowdStrike, giving defenders even less time to contain breaches after the initial breakout.

Increasing the difficulty for defenders, a full 71% of the attacks used valid credentials for access rather than malware, up from 62% in 2021, which makes detection by automated systems extremely difficult. Using “hands on keyboard” techniques makes it harder for traditional anti-malware tools to detect activity, according to CrowdStrike.

Like I said, this is bad news.

Ted Miracco, CEO of Approov Mobile Security:

   “It’s important to note that no single security measure can completely prevent all types of attacks, especially social engineering attacks. That said, mobile app attestation, runtime secrets protection, and RASP can all be highly effective measures in preventing credential access, SIM swapping, and MFA fatigue in mobile applications. 

   “Attestation techniques can help not only ensure that only genuine apps, and not tampered or cloned versions, are accessing APIs, it also uses the authorized application seamlessly as the second factor before accessing sensitive data. By verifying the integrity of the app at runtime, it prevents attackers from injecting malicious code or accessing sensitive data. Runtime secrets protection can ensure that only valid app instances running in un-compromised environments can access the API keys and secrets stored in the cloud. This can prevent attackers from accessing these secrets even if they manage to gain control of the device. RASP can monitor, detect, and instantly block computer attacks, including new threats that were unforeseen during development. By continuously analyzing app behavior and detecting anomalies, RASP can prevent “interactive intrusions” and other types of attacks.

   “It’s best to use a combination of security measures, including those mentioned above, along with other security best practices such as proper authentication and authorization, encryption, and regular security testing and updates.”

The fact that attacks are getting faster and faster to execute means that we all have to work much harder to stop organizations from being victims. And the approach outlined above can certainly help with that… If everyone adopts that approach.
