They need less time to start hacking than any other “government” hackers.
Hackers associated with the Russian government break into systems eight times faster than their “colleagues” from North Korea, China and Iran, and than common criminals. Russian groups gain full access to a system in just 18 minutes and 49 seconds on average. The figures come from a report by the research company CrowdStrike.
North Korean hackers are in second place for speed, twice as fast as their “colleagues” from China. Groups from the DPRK need about two hours to start gaining privileges in the system and stealing data. Chinese and Iranian hackers complete the same task in about 4-5 hours.
CrowdStrike measured the “penetration rate”: the time it takes a group to invade a system and start stealing data. To do this, CrowdStrike analyzed 30 thousand cases of hacking in 2018 and compared them with one another. The researchers believe that the “penetration rate” has lately become more important than the fact of the hack itself: experts have learned to repel attacks quickly, but the faster the hackers are, the more damage they can cause.
As CrowdStrike's technical director Dmitry Alperovich noted, modern hackers act quickly and spend their time on preparation rather than on the hacking itself. As an example, he cited a case involving the group Cozy Bear, in which the hackers obtained admin rights and full access to the system within 10 minutes of the victim clicking on a phishing link.
Alperovich explained that government hackers prefer to buy vulnerabilities rather than hand the hacking itself over to third parties. According to him, this means that they have “a lot of money.”
If they have a victim, they crack it as soon as possible and complete the task before they are spotted. “Defenders” must be prepared. Our data shows not only how fast hackers move, but also how quickly you need to work to drive them out.
Dmitry Alperovich, technical director, CrowdStrike
The CrowdStrike report also says that in 2018 hackers were more active than ever before. The company noted that, despite countries' public displeasure over hacking, cyber espionage activity behind the scenes has doubled. At the same time, according to the researchers, the overall “penetration rate” in 2018 slowed more than twofold, to 4.5 hours.
CrowdStrike is known for fighting Russian hackers. The company’s specialists were the first to discover that groups from Russia had hacked the resources of the US Democratic Party in 2016. In addition, CrowdStrike staff helped in the fight against the GameOverZeus botnet, whose creation is attributed to the Russian hacker Eugene Bogachev.