Russian hackers eight times quicker than North Koreans, need under 20 minutes to wreak havoc: Report

February 19, 2019 GMT

Victims targeted by Russian state-sponsored hackers typically have less than 20 minutes to prevent an initial intrusion from becoming a full-blown breach, a leading U.S. cybersecurity firm warned Tuesday.

CrowdStrike, the security company hired by the Democratic National Committee after the DNC was hacked during the 2016 election, ranked Russia as the fastest among foreign adversaries in terms of “breakout time,” a metric the firm uses to measure how long it typically takes an attacker, after the initial compromise of one system, to begin moving laterally to other systems in the same network.

Moscow’s hackers take an average of 18 minutes and 49 seconds to begin spreading within networks, making them nearly eight times as fast as hackers working for North Korea, the next quickest adversary, CrowdStrike reported. Pyongyang’s hackers usually take around 2 hours and 20 minutes to begin moving laterally, while Chinese and Iranian hackers averaged a little more than 4 hours and 5 hours, respectively, the report said.

The report, “Adversary Tradecraft and The Importance of Speed,” ranked state-sponsored hackers based on more than 30,000 breaches thwarted by CrowdStrike during 2018, according to the firm.

“Breakout time is important because it represents the time limit for defenders to respond to and contain or remediate an intrusion before it spreads widely in their environment and leads to a major breach,” the report said.
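To make the metric concrete, here is an added example (it is not code from the report or the article, and the events it runs over are constructed, not CrowdStrike telemetry) that computes breakout time per intrusion from endpoint events, namely the time from the first compromise event to the first lateral-movement event observed on a different host, and checks whether containment landed before that point. Event types, host names and intrusion IDs are assumptions chosen for illustration.

```python
"""Breakout time: initial compromise -> first lateral movement to another host,
computed from endpoint events, plus a check of whether containment beat it."""
from datetime import datetime, timedelta
from statistics import mean

# Constructed sample telemetry (not real CrowdStrike data): each tuple is
# (intrusion_id, UTC timestamp, host where the event was observed, event type).
EVENTS = [
    ("inc-1", "2019-02-19T10:00:00", "ws-01", "initial_compromise"),
    ("inc-1", "2019-02-19T10:05:00", "ws-01", "discovery"),
    ("inc-1", "2019-02-19T10:18:49", "srv-02", "lateral_movement"),
    ("inc-1", "2019-02-19T10:30:00", "ws-01", "containment"),
    ("inc-2", "2019-02-19T12:00:00", "ws-07", "initial_compromise"),
    ("inc-2", "2019-02-19T12:40:00", "ws-07", "containment"),
    ("inc-3", "2019-02-19T09:00:00", "ws-03", "initial_compromise"),
    ("inc-3", "2019-02-19T09:02:00", "ws-03", "lateral_movement"),  # same host: no breakout
]


def _timeline(events):
    """Group events by intrusion and record the first compromise, the first
    lateral-movement event on a *different* host, and the first containment."""
    timelines = {}
    for inc, ts, host, etype in sorted(events, key=lambda e: e[1]):
        rec = timelines.setdefault(inc, {"start": None, "start_host": None,
                                         "lateral": None, "contained": None})
        t = datetime.fromisoformat(ts)
        if etype == "initial_compromise" and rec["start"] is None:
            rec["start"], rec["start_host"] = t, host
        elif (etype == "lateral_movement" and rec["lateral"] is None
              and rec["start"] is not None and host != rec["start_host"]):
            rec["lateral"] = t
        elif etype == "containment" and rec["contained"] is None:
            rec["contained"] = t
    return timelines


def breakout_times(events):
    """Breakout time per intrusion as a timedelta, or None if the adversary
    never reached a second host."""
    return {inc: (rec["lateral"] - rec["start"]) if rec["lateral"] and rec["start"] else None
            for inc, rec in _timeline(events).items()}


def average_breakout(events):
    """Mean breakout time over intrusions where lateral movement was observed."""
    observed = [bt for bt in breakout_times(events).values() if bt is not None]
    if not observed:
        return None
    return timedelta(seconds=mean(bt.total_seconds() for bt in observed))


def contained_before_breakout(events):
    """Per intrusion: True if containment came before the first lateral move
    (or before any lateral move happened at all); False if there was no
    containment or it came after the adversary had already spread."""
    result = {}
    for inc, rec in _timeline(events).items():
        if rec["contained"] is None:
            result[inc] = False
        elif rec["lateral"] is None:
            result[inc] = True
        else:
            result[inc] = rec["contained"] < rec["lateral"]
    return result


if __name__ == "__main__":
    in_time = contained_before_breakout(EVENTS)
    for inc, bt in breakout_times(EVENTS).items():
        print(inc, bt, "contained in time" if in_time[inc] else "breakout came first")
    print("average breakout:", average_breakout(EVENTS))
```

The same-host rule matters: an attacker escalating or persisting on the first machine has not yet "broken out", so only movement to a second host starts the clock's stop. Run over a real incident set, the average from `average_breakout` is the number to compare against the team's own detect-and-contain time.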

“The threat landscape is evolving at an unprecedented rate, and with every breach, a company’s survival may be put on the line,” added Adam Meyers, CrowdStrike’s vice president of intelligence. “Organizations can’t afford a passive approach to securing their assets.”

Headquartered in Silicon Valley, CrowdStrike’s clients include companies and government agencies across 176 countries, its report said. The DNC notably hired CrowdStrike in response to a hacking campaign that targeted Democrats during the 2016 race. CrowdStrike’s security experts ultimately determined that the DNC had been breached by two separate groups, dubbed “Cozy Bear” and “Fancy Bear,” both widely believed to be associated with the Russian government.

Federal investigators have since alleged that Russian hackers were able to breach the DNC by first compromising the Democratic Congressional Campaign Committee, a fundraising arm of the party, and stealing the credentials of a DCCC employee authorized to access the DNC network.

Armed with the stolen credentials, Russian hackers were able to gain access to roughly 33 computers belonging to the DNC during a two-month span in 2016, in turn allowing them to steal additional material subsequently leaked online in the presidential race’s final months, federal prosecutors alleged in court filings.

Russia has denied hacking Democratic targets during the race.