Litwin
You Have 19 Minutes to React If the Russians Hack Your Network
After Moscow's hackers breach one PC, that network's defenders have less than a half-hour to prevent wider data theft or destruction.
"Nineteen minutes. That’s how long the average victim of a Russian state-sponsored hacking group has to react before the initial penetration of a network becomes wider access, theft, and destruction, according to data published today by computer security company CrowdStrike. By comparison, the second-fastest groups were North Koreans, who needed an average of two hours to jump from the first compromised computer to the second; Chinese groups needed an average of four hours. Dubbed “breakout time,” the statistic refers to the amount of time it takes the attacker to jump between network nodes once on the network. It also “shows how much time defenders have on average to detect an initial intrusion, investigate it and eject the attacker from the network, before sensitive data can be stolen or destroyed,” CrowdStrike analysts wrote in a 2018 post introducing the concept. The agility of Russian groups has long been known; it was a signature element of both the 2015 penetration of the Joint Chiefs’ civilian email system and the following year’s attack on the Democratic National Committee’s network. But the new data is eye-opening.
Sen. Richard Blumenthal, D-Conn., hinted at certain classified “successes” by U.S. Cyber Command against Russian hackers in 2018. “The threat from Russia remains unabated. Can you say that in public?” asked Blumenthal of Gen. Paul Nakasone, the head of U.S. Cyber Command and the NSA. Nakasone responded, “Russia provides a sophisticated threat to our nation.” The CrowdStrike data further cements Russian cyber operators’ reputation as aggressive and effective, echoing earlier analysis. “The Russians are the most aggressive and risk-tolerant because they've broken so many international norms and faced so few repercussions that they don’t really believe there will be any serious consequences to their action,” said Mike Carpenter, a former deputy assistant defense secretary for Russia, Ukraine, and Eurasia who now helps lead the Biden Center for Diplomacy and Global Engagement at the University of Pennsylvania. “That’s partly why the Russians are so comfortable going beyond network intrusion and actually manipulating data or taking down power systems, as they've done in Ukraine.”
Kremlin hackers attacking Ukraine have taken out entire electric grids (2015/2016) and attacked (2017) the country’s government, top energy companies, private/state banks, the main airport, and Kyiv’s metro system using the WannaCry and NotPetya malware. These attacks are RL practice operations for attacking NATO/Western military/power/finance/infrastructure targets.
Related: Key Trends From the CrowdStrike 2019 Global Threat Report