Hackers Are Getting Faster—48 Minutes And You’re Cooked

With vulnerabilities in everything from Nvidia GPU drivers to the Google Chrome web browser confirmed in the last few days, you hardly need to be told how important it is to always “update now.” But, just in case you needed any prodding, as hackers continue to attack with ferocity, they are managing to do so in ever less time. The speed of hacking, from initial access to lateral movement, is now just 48 minutes. The update now mantra has never been more critical. Here’s what you need to know.

ForbesHow To Get Windows 11 For Free Before Windows 10 Support EndsBy Davey Winder

Hackers Are Getting Faster—And That’s Bad News For Everyone

A Jan. 28 analysis of customer security incidents reported to ReliaQuest across the entirety of 2024 has produced a rather shocking statistic: the breakout time for hackers exploiting a system has increased by 22% from the 2023 research and now stands at just 48 minutes on average. Breakout time is the time it takes the hackersto move from initial access to a system through to lateral movement within it. The fastest incident achieved lateral movement in just 27 minutes, the researchers said. “This quicker infiltration leaves organizations with even less time to respond,” Irene Fuentes McDonnell, a cyber threat researcher at ReliaQuest, warned, “making automated defenses crucial in matching—and surpassing—the speed of adversaries.”

The main factors driving this exploit acceleration for adversarial hackers, according to McDonnell, were:

• Initial access brokers capitalizing on the surge in information-stealing malware that provides them with the ability to provide hackers with a quick and easy way to launch attacks.
• More efficiency in the ransomware-as-a-service ecosystem enabling cybercrime affiliates to adopt more specialized strategies like help-desk attacks to accelerate and refine their attacks.
• Hackers are using AI to boost the capabilities of penetration testing tools that enable them to identify vulnerabilities in systems faster.

ForbesAmazon Prime Security Warning As Hackers Strike—What You Need To KnowBy Davey Winder

How Hackers Are Speeding Up According To The Latest Threat Intelligence

The ReliaQuest analysis also revealed a number of other speed-related statistics that show just how the hacking threat is accelerating. While McDonnell said that “breakout time is the most critical window in an attack,” as successful threat containment at this stage prevents consequences “such as data exfiltration, ransomware deployment, data loss, reputational damage, and financial loss,” that doesn’t mean it’s the only speed-related statistic you should be paying close attention to. In fact, I’d argue that the 18 days it takes a hacker to attack from the discovery of a vulnerability, an incredible decrease of 62% from the 2023 number of 47 days, is even more critical. Leave it too long to update following a patch being made available, and you are simply inviting the hackers to attack.