You have just 18 minutes to react if Russian state-sponsored hackers breach your computer network.
This “breakout time” encompasses the entire process of gaining access to a single computer before moving laterally through the entire network of an organisation.
Once hackers have access to the network, they can steal, encrypt or delete sensitive data, hijack core computing functions or monitor computer activity without the organisation's knowledge.
The data comes from cyber security company CrowdStrike’s 2019 Global Threat Report, which explored the speed of attacks from major state-sponsored hacking groups and criminal actors based on data from 30,000 intrusion attempts.
The report is timely given that Prime Minister Scott Morrison revealed earlier this week that a “sophisticated state actor” was responsible for an attempted hack on Australia’s parliament and political parties just months from the election. However, he refused to blame a particular country for the cyber-attack.
CrowdStrike’s report found Russian state-sponsored hackers, known colloquially as bears, take an average of just 18 minutes and 49 seconds to move laterally through a computer network – substantially faster than other countries.
“It is quite remarkable to see that Russia-based threat actors are almost eight times as fast as their speediest competitor — North Korea-based adversaries, who themselves are almost twice as fast as intrusion groups from China,” the report reads.
North Korea’s state-sponsored hackers recorded a breakout time of two hours and 20 minutes, while Chinese actors took four hours and 26 seconds. Iranian hackers were the fourth fastest with five hours and nine minutes. By comparison, cyber-criminal gangs required nine hours and 42 minutes to break out.
The report said even though several nation-states claimed they would curb clandestine cyber activities in 2018, data revealed the opposite.
“Behind the scenes, they doubled down on their cyber espionage operations — combining those efforts with further forays into destructive attacks and financially motivated fraud,” the report said.
CrowdStrike also highlighted state-sponsored attacks aimed at telecommunications.
“Several suspected China-based actor groups were linked to telecom targeting with some incidents demonstrating a specific interest in using telecom access or lures to enable operations against government sector targets,” the report read.
The report added that 60 per cent of all cyber-attacks involved some form of malware – software specifically designed to disrupt, damage or gain unauthorized access to a computer – with cybercrime gangs now adopting the strategy of “big game hunting” to attack large companies.
Cyber security expert Matthew Warren told nine.com.au the attacks on Australia’s parliament and political parties were just the tip of the iceberg.
“This is becoming the new normal with the level of cyber-attacks constantly increasing,” he said.
“The motivations of state-sponsored hackers are very different. Some countries will want to perform hacks for financial gain, while others could be politically focused (like Russian hackers successfully infiltrating the Clinton campaign in 2016).”
Deputy Head of the Australian Strategic Policy Institute’s International Cyber Policy Centre Danielle Cave believes China was likely behind the hack of Australia’s parliament and political parties, with the end goal of stealing sensitive information.
“If you think about the other state actors that would have the cyber capabilities to pull breaches like this, like Russia, North Korea, Iran; those states are less interested in what’s happening in Australia,” she told nine.com.au.
“China is very, very interested.
“We don’t know what was potentially taken, and we also don’t know how that could be used.
“Those networks have been a goldmine in very useful intelligence.”
© Nine Digital Pty Ltd 2019