According to the Global Threat Report by CrowdStrike, North Korea was second in “breakout time” at 2 hours and 20 minutes, coming behind Russia, which recorded 18 minutes and 47 seconds.
Breakout time refers to the window of time from when the attacker first compromises the endpoint machine -- any device that has the capability to connect to the network, such as computers -- until it hacks into the target network, said the 77-page report.
This is important to defenders because it represents the amount of time they have to respond to and contain or remediate an intrusion before it spreads widely and leads to a major breach.
China ranked third on the list with 4 hours, followed by Iran with 5 hours and 9 minutes. The report did not include the US as it was designed to evaluate cyberthreats against the country.
“North Korea remained active in both intelligence collection and currency-generation schemes, despite participating in diplomatic outreach,” the report said.
The report also found a significant rise in Chinese hackers targeting the US, which could be linked to increased tension between the two countries.
The overall average breakout time in 2018 across all attacks was 4 hours and 37 minutes, an increase from 1 hour and 58 minutes in 2017, according to the report. Various factors may have contributed to the increase, such as a rise in attacks by slower-moving hackers.
The dataset used for the analysis was based on attacks that occurred last year among organizations that the cybersecurity company worked with, including companies and government agencies deployed across 176 countries, it said.
By Jo He-rim (firstname.lastname@example.org)