Attackers typically need only 224 seconds to take control of a corporate network and hand it over to the next team of intruders; detection takes an average of eight hours. Attack speeds have increased as initial access brokers and affiliated groups continue to automate their operations. This trend is highlighted in the annual M-Trends 2021 report from Mandiant Intelligence, the incident response arm of Google Cloud. The specialists analyzed over 500,000 hours of incident response data. The data suggests that manual defense has almost no chance of success against attacks operating at this pace.

Initial access brokers and ransomware affiliates are involved. Initial access brokers (IABs) offer access points into networks belonging to other parties. Access is typically gained through stolen VPN credentials, hijacked Citrix or Fortinet sessions, compromised RDP servers, or exploits targeting Confluence, Exchange, and edge routers. Price lists tailored to industry, victim income, and circumstances can be found on certain forums.
ComputerWeekly.de