Cyber threats against organizations are mounting, accelerated by the rapid shift to work from home. The 2021 Threat Hunting Report provides insights into various threats. One particularly interesting finding, which we discuss here, is the increased speed of lateral movement across networks.

Some stats your way

  • The amount of time it takes an attacker to laterally move across a network decreased by 67% between 2020 and 2021. 
  • The average breakout time was reduced to 1 hour and 32 minutes from 4 hours and 37 minutes.
  • In 36% of intrusions, the threat actors were able to move to additional hosts in less than 30 minutes. 
  • The report notes that around 75% of all intrusions were financially motivated.
  • Meanwhile, state-sponsored intrusions accounted for 24%, and about 1% was attributed to hacktivism.

Explaining the stats

The researchers believe that ransomware-as-a-service (RaaS) plays a crucial role in the plunging average breakout time. Automated tools are readily available on the dark web for threat actors to buy and use to automate lateral movement, thus reducing the breakout time. In addition, RaaS businesses maintain extensive documentation, which further speeds up lateral movement.

A brief glance into other intrusive campaigns

The past year witnessed a 60% rise in intrusion activities.
  • Threat actors have transcended malware; they are now adopting techniques to evade detection. In the past three months, 68% of attacks were malware-free. 
  • The big game hunting model has given a boost to initial access brokers, giving rise to intrusive campaigns globally. 

In addition to the aforementioned factors, the work-from-home culture was the cherry on top, as it rolled out the red carpet for hackers via unprotected local networks.

The bottom line

Cybercrime actors are constantly evolving and finding new ways to infiltrate and establish persistence in corporate networks. Moreover, ever since the RaaS business gained immense popularity, it has opened new doors for threat actors of every skill level. Defenders are advised to monitor their environments for potential intrusion activities.

Cyware Publisher
