Company Network Breached in 48 Minutes

The Speed of Infiltration: How Hackers are Outpacing Defenders in Cyber Attacks

In December, roughly a dozen employees inside a manufacturing company received a tsunami of phishing messages that was so big they were unable to perform their day-to-day functions. A little over an hour later, the people behind the email flood had burrowed into the nether reaches of the company’s network. This is a story about how such intrusions are occurring faster than ever before and the tactics that make this speed possible.

The Speed and Precision of the Attack

The speed and precision of the attack—laid out in posts published Thursday and last month—are crucial elements for success. As awareness of ransomware attacks increases, security companies and their customers have grown savvier at detecting breach attempts and stopping them before they gain entry to sensitive data. To succeed, attackers have to move ever faster.

Breakneck Breakout

ReliaQuest, the security firm that responded to this intrusion, said it tracked a 22 percent reduction in the “breakout time” threat actors took in 2024 compared with a year earlier. In the attack at hand, the breakout time—meaning the time span from the moment of initial access to lateral movement inside the network—was just 48 minutes.

The Importance of Breakout Time

“For defenders, breakout time is the most critical window in an attack,” ReliaQuest researcher Irene Fuentes McDonnell wrote. “Successful threat containment at this stage prevents severe consequences, such as data exfiltration, ransomware deployment, data loss, reputational damage, and financial loss. So, if attackers are moving faster, defenders must match their pace to stand a chance of stopping them.”

A Decoy Attack

The spam barrage, it turned out, was simply a decoy. It created the opportunity for the threat actors—most likely part of a ransomware group known as Black Basta—to contact the affected employees through the Microsoft Teams collaboration platform, pose as IT help desk workers, and offer assistance in warding off the ongoing onslaught.
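
A defender-side sketch of the sequence described above, as an added example that is not from ReliaQuest or the original article: it flags users who receive a mail flood and are then contacted over Teams. The event fields (`kind`, `user`, `external`), the thresholds, the assumption that the chat comes from an account outside the organization, and the sample data are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def find_flood_then_chat(events, min_mails=50,
                         flood_window=timedelta(minutes=10),
                         follow_window=timedelta(minutes=60)):
    """Return (user, last_flood_mail_time, chat_time) for each external Teams
    chat that reaches a user during or shortly after an inbound-mail flood."""
    recent = defaultdict(deque)  # user -> inbound-mail timestamps in the window
    flooded = {}                 # user -> latest time the threshold was met
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, ts = ev["user"], ev["ts"]
        if ev["kind"] == "mail_in":
            q = recent[user]
            q.append(ts)
            while ts - q[0] > flood_window:  # drop mail older than the window
                q.popleft()
            if len(q) >= min_mails:
                flooded[user] = ts
        elif ev["kind"] == "teams_chat" and ev.get("external"):
            start = flooded.get(user)
            if start is not None and ts - start <= follow_window:
                alerts.append((user, start, ts))
    return alerts


def sample_events():
    """Constructed events for illustration; not data from the incident."""
    t0 = datetime(2024, 12, 2, 9, 0)
    mins = lambda m: t0 + timedelta(minutes=m)
    ev = [{"ts": t0 + timedelta(seconds=5 * i), "kind": "mail_in", "user": u}
          for u in ("alice", "carol") for i in range(60)]   # two flooded users
    ev += [{"ts": mins(i), "kind": "mail_in", "user": "bob"} for i in range(5)]
    ev += [
        {"ts": mins(12), "kind": "teams_chat", "user": "alice", "external": True},
        {"ts": mins(12), "kind": "teams_chat", "user": "bob", "external": True},
        {"ts": mins(15), "kind": "teams_chat", "user": "carol", "external": False},
        {"ts": mins(180), "kind": "teams_chat", "user": "carol", "external": True},
    ]
    return ev


if __name__ == "__main__":
    for user, flood_ts, chat_ts in find_flood_then_chat(sample_events()):
        print(f"ALERT {user}: flood until {flood_ts:%H:%M:%S}, external chat at {chat_ts:%H:%M}")
```

Only the flooded user who is then contacted by an external account within the follow-up window is flagged; an internal chat, a chat hours later, or a chat to a user with normal mail volume is not.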

Conclusion

The speed and precision of the attack are a cause for concern, as they highlight the need for defenders to keep pace with the evolving tactics of threat actors. The reliance on decoy attacks and the ability to move quickly through a network are key elements in the success of these attacks. As the threat landscape continues to evolve, it is crucial that security companies and their customers prioritize the need for speed and precision in their defense.

Frequently Asked Questions

Q: What is breakout time in the context of a cyber attack?
A: Breakout time refers to the time span from the moment of initial access to lateral movement inside a network.

Q: How did breakout time in 2024 compare with a year earlier?
A: There was a 22 percent reduction in breakout time in 2024 compared to a year earlier.

Q: What is the name of the ransomware group suspected to be behind the attack?
A: The ransomware group suspected to be behind the attack is known as Black Basta.

Q: What was the purpose of the spam barrage in the attack?
A: The spam barrage was a decoy, creating an opportunity for the threat actors to contact the affected employees and pose as IT help desk workers.
