Report finds "most" hackers exfiltrate data within just five hours

A survey by cyber security training firm SANS has found that around two-thirds of ‘ethical’ hackers are able to successfully collect and exfiltrate data within just five hours of gaining access. The inaugural ethical hacking survey, which gathered insights from more than 300 sanctioned adversaries (also known as ‘ethical’ hackers), was sponsored by offensive security company Bishop Fox.

Tom Eston, Bishop Fox’s Associate Vice-President of Consulting, said that the aim of the research was to explore the thought processes of actual attackers and also to help security teams make better decisions, both offensively and defensively.

Eston said: “With these insights, we can better understand the ‘cost of doing business’ for attackers, as well as the speed with which they execute. Knowing how adversaries operate and how they pivot between tactics and techniques can help organisations evaluate their investments, and better understand where they need to double down on controls, policies, testing and defences.”

The research found that 57 per cent of adversaries said that it took them around 10 hours to successfully discover an exploitable exposure, and close to 64 per cent of hackers said that they were then able to collect and potentially exfiltrate data within a five-hour window.

The report from SANS, which broke down the results from the survey, said: “We see a consistent theme of adversaries able to perform intrusion actions within a 5-hour window. Whether it’s lateral movement, privilege escalation, or data exfiltration, security teams should be measuring their ability to proactively identify, and detect and respond as quickly as possible.”

The report went on to state that a hacker's speed often increases as they get further along in their attacks, adding that this is due either to a lack of detection up to that point or to their growing familiarity with the compromised environment.
