A graph showing the relative breakout time of state-sponsored (and independent) cyber threat groups.

A graph showing the relative breakout time of state-sponsored (and independent) cyber threat groups. Crowdstrike

Science & Tech

You Have 19 Minutes to React If the Russians Hack Your Network

After Moscow's hackers breach one PC, that network's defenders have less than a half-hour to prevent wider data theft or destruction, a new report finds.

Patrick Tucker

|
Patrick Tucker
By Patrick Tucker
Science & Technology Editor, Defense One

Nineteen minutes. That’s how long the average victim of a Russian state-sponsored hacking group has to react before the initial penetration of a network becomes wider access, theft, and destruction, according to data published today by computer security company CrowdStrike.

By comparison, the second-fastest groups were North Koreans, who needed an average of two hours to jump from the first compromised computer to the second; Chinese groups needed an average of four hours.

Dubbed “breakout time,” the statistic refers to the amount of time it takes the attacker to jump between network nodes once on the network. It also “shows how much time defenders have on average to detect an initial intrusion, investigate it and eject the attacker from the network, before sensitive data can be stolen or destroyed,” CrowdStrike analysts wrote in a 2018 post introducing the concept.  

The agility of Russian groups has long been known; it was a signature element of both the 2015 penetration of the Joint Chiefs’ civilian email system and the following year’s attack on the Democratic National Committee’s network. But the new data is eye-opening.

“The stats are likely driven by a cross of several factors: the skills and capability of each; the relative risk calculus each is making in their likelihood of getting caught and the consequences; to whether they are just exploring for targets that present themselves or going into a predetermined target with something very specific in mind. But an average of 18 minutes is really quite amazing given the scale. Game respects game,” said Peter Singer, a senior fellow at New America and author, most recently, of LikeWar: The Weaponization of Social Media.

The CrowdStrike report also notes that Chinese activity has been increasing against the United States, reiterating earlier findings by government and industry analysts.  

But the threat posed by Russia remains key in the minds of lawmakers and intelligence professionals. During a recent Senate Armed Services Committee hearing, Sen. Richard Blumenthal, D-Conn., hinted at certain classified “successes” by U.S. Cyber Command against Russian hackers in 2018.

“The threat from Russia remains unabated. Can you say that in public?” asked Blumenthal of Gen. Paul Nakasone, the head of U.S. Cyber Command and the NSA.

Nakasone responded, “Russia provides a sophisticated threat to our nation.”

In 2018, the Russians targeted defense and military entities throughout Europe and NATO as well as think tanks, the PyeongChang Winter Olympic Games, and even the Swiss lab working the Skirpal poisoning case.

While Russian election disruption didn’t really happen in 2018, it remains a threat. Chris Krebs, DHS Cybersecurity and Infrastructure Security Agency Director, told reporters last week, “We are doubling down [on election security] in advance of the 2020 election...Despite what some of the reporting might be, election security and countering foreign influence efforts aren’t going anywhere.”

The CrowdStrike data further cements Russian cyber operators’ reputation as aggressive and effective, echoing earlier analysis

In a 2017 paper, researchers from Arizona State University revealed that a propensity to exploit a particular known vulnerability depended greatly on whether the attackers were Chinese, Russian, or American, etc. The researchers looked at Dark Web chatrooms where hackers were actively discussing recently disclosed vulnerabilities to hit the National Vulnerabilities Database. If the hackers discussing the bug were Chinese, the chances of someone trying to exploit the vulnerability in question was nine percent. But if the conversation was in Russian, the probability of hacker attempting to exploit the flaw was 40 percent.

“The Russians are the most aggressive and risk-tolerant because they’ve broken so many international norms and faced so few repercussions that they don’t really believe there will be any serious consequences to their action,” said Mike Carpenter, a former deputy assistant defense secretary for Russia, Ukraine, and Eurasia who now helps lead the Biden Center for Diplomacy and Global Engagement at the University of Pennsylvania. “That’s partly why the Russians are so comfortable going beyond network intrusion and actually manipulating data or taking down power systems, as they’ve done in Ukraine.”

NEXT STORY: DARPA Thinks AI Could Help Troops Telepathically Control Machines

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.