The average time it takes for an attacker to move laterally after gaining initial access – known as breakout time – has plummeted to just 48 minutes, new research from ReliaQuest has revealed.
These results represent a 2% increase in speed from the previous year, with some of the fastest recorded attacks taking as little as 27 minutes. According to ReliaQuest, “this quicker infiltration leaves organizations with even less time to respond, making automated defenses crucial in matching – and surpassing – the speed of adversaries.”
Cybercriminals Pick Up the Pace
The ReliaQuest report, titled Racing the Clock: Outpacing Accelerating Attacks, highlights how cybercriminals have evolved their tactics over the past year to expedite attacks. According to the report, the increase in attack speeds can be attributed to three key trends:
- Surge in Infostealers & Initial Access Brokers (IABs): The use of information-stealing malware nearly doubled in 2024, with cybercriminals leveraging stolen credentials to gain quick access to networks. Listings from IABs, which sell access to compromised systems, skyrocketed by 142%.
- Refined Ransomware-as-a-Service (RaaS) Operations: Ransomware affiliates are adopting new, specialized strategies, such as help-desk scams, to trick employees into granting them access.
- AI-Driven Attacks: Threat actors are now using artificial intelligence to automate reconnaissance, identify vulnerabilities faster, and refine attack strategies, significantly reducing time to exploitation.
Defensive Strategies: Fighting Fire with Fire
As cybercriminals increase their attack speeds, ReliaQuest highlights the importance of adopting equally rapid defense mechanisms, urging organizations to incorporate automation into their threat detection and response efforts.
According to the report, security teams relying solely on manual processes take an average of 8 hours and 12 minutes to contain an attack – far slower than the 48-minute average breakout time. In contrast, companies using automated response playbooks can reduce containment time to under five minutes.
Key recommendations from the report include:
- Implementing automated response tools to detect and contain threats before they escalate.
- Enhancing monitoring for exposed credentials on dark web marketplaces.
- Strengthening authentication measures, such as multi-factor authentication (MFA) and privileged access management (PAM).
- Regularly patching vulnerabilities to minimize exploitation windows.
The key takeaway here is that traditional, manual defenses are no longer enough to keep cybercriminals at bay. The race for cybersecurity is getting quicker by the day, and only with automated tools can we keep pace.
Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.