Racing the Clock: Outpacing Accelerating Attacks – ReliaQuest

The article discusses the significant acceleration in cyber attack speeds in 2024, with an overall increase of 22% compared to the previous year. Key influences include the rise of initial access brokers (IABs), streamlined ransomware-as-a-service (RaaS) operations, and the use of AI-enhanced penetration testing tools. The speed at which attackers now execute breaches creates profound challenges for organizations and makes automated defenses necessary for an effective response. Affected: organizations, ransomware victims, cybersecurity sector

Key points:

  • 2024 has seen a 22% increase in attack speed compared to 2023.
  • In the fastest incident recorded, lateral movement occurred in just 27 minutes.
  • Initial Access Brokers (IABs) are actively facilitating quicker breaches.
  • Ransomware-as-a-service (RaaS) operations have become more efficient, leading to faster attacks.
  • AI tools are enhancing the speed of penetration testing and vulnerability exploitation.
  • Average breakout time for incidents was found to be 48 minutes, down 22% from 2023.
  • Infostealer logs and IAB activity have seen significant increases in 2024.
  • RaaS groups are adopting specialized tactics such as help-desk scams to accelerate attacks.
  • Defenders must adopt automated strategies to match the speed of cyber adversaries.
  • Organizations are encouraged to integrate automated response playbooks for efficient incident management.

MITRE Techniques:

  • Initial Access (T1078): Threat actors use stolen credentials acquired through infostealers.
  • Command and Control (T1071): Attackers establish C2 connections using native RMM tools like AnyDesk and TeamViewer.
  • Lateral Movement (T1021): Threat actors use techniques like Remote Desktop Protocol (RDP) to move laterally within networks.
  • Credential Dumping (T1003): IABs harvest credentials and sell them on the dark web.
  • Exploitation of Vulnerability (T1203): Rapid exploitation of known vulnerabilities aided by automation and AI tools.

Indicators of Compromise:

  • No IoC found

Full Story: https://www.reliaquest.com/blog/racing-the-clock-outpacing-accelerating-attacks/