You Have Around 20 Minutes To Contain a Russian APT Attack

When a Russian nation-state actor attacks a government or a private organization, they have about 20 minutes to detect and contain the attack. From a report: New statistics published today by US cyber-security firm Crowdstrike ranked threat groups based on their "breakout time." "Breakout time" refers to the time a hacker group takes from gaining initial access to a victim's computer to moving laterally through its network. This includes the time the attacker spends scanning the local network and deploying exploits in order to escalate his access to other nearby computers.

[...] According to data gathered from 2018 hack investigations, CrowdStrike says Russian hackers (which the company calls internally "Bears") have been the most prolific and efficient hacker groups last year, with an average breakout time of 18 minutes and 49 seconds.

'APT' attack?

[Necron69]

I admit I had to Google that one. Stupid article doesn't explain the name at all, and here I was thinking we had some big new Debian/Ubuntu vulnerability.

- Necron69

Re:'APT' attack?

[aaarrrgggh]

While it didn’t register, I was able to come up with Advanced Persistant Threat on my own given the summary.

Let's make this about me, OK?

[CaptainDork]

Mobil Oil, ca. 1986. We had a fractional T1 connecting Beaumont, Dallas and Reston, Va.

I was senior network engineer in Beaumont. Got a call from Dallas that a hacker* was crawling all over the place.

I pulled the Ethernet cable on my Cisco router while I was on the phone.

Reston started calling, freaking out. It never occurred to the other blokes that bad guys ride wires.

*The hacker was actually a Joe Cool Kollidge Kid working for us who hooked Mobil to Lamar University in Beaumont to his home computer.

Ah, the learning days. I miss those.

Re:The same dudes that "investigated" the DNC serv

What's up with slashdot lately? Russia, Huawei, China, Russia, Huawei, China, Russi, Huawei, China.