topicnews · October 15, 2024

Cybercrime: Timing is everything

Cybercriminals have an unerring sense of the right moment. “Cybercrime is a question of timing. In order to be successful, the actors rely on speed and the exact moment of inattention,” says Holger Unterbrink, technical director of Cisco Talos in Germany. The company has put together some exciting facts and figures for Cybersecurity Awareness Month.

In one of its fastest attacks, the Lockbit ransomware gang needed less than six minutes to encrypt 53 gigabytes of test files. This is shown by an analysis by Cisco subsidiary Splunk. During a cigarette break, all data was rendered unusable. According to Unterbrink, the encryption time is likely to become even shorter in the future thanks to the use of AI.

Only phishing is even faster. After opening a phishing message, it takes on average only 21 seconds for a malicious link to be clicked. It then takes another 28 seconds for careless people to enter their data.

Costs explode

If operations are still running after a cyber attack, it quickly becomes expensive for the affected companies. According to Splunk, each minute costs an average of $9,000. Calculated over the course of an hour, the damage already adds up to more than half a million dollars. This can quickly become a threat to the existence of a company.

According to Cisco Talos, the attackers are also significantly faster than the defenders. Companies need on average around 88 days to fix critical vulnerabilities, whereas the attackers need only 44 days to exploit them.

Timing is everything

Cybercriminals are also familiar with the work rhythm of office workers and use this for their own benefit. The time between 8 a.m. and 9 a.m. – when employees authenticate themselves for the working day – is prime time for hackers to circumvent multifactor authentication through fraudulent push attacks.

When an attack was successful, an interesting cycle emerged: three months of above-average activity were followed by a month's break. According to Cisco Talos, this is because the criminals first have to evaluate and process the stolen data before attacking again.