In a report published by CrowdStrike, the U.S. cybersecurity firm ranked threat groups based on their "breakout time."
And it concluded that the hackers from Russia are the fastest.
"Breakout time" refers to the time a hacker group needs to gain initial access to a victim's computer to moving laterally through its network to steal data.
This includes the time the group spends scanning the local network and deploying exploits escalate access to other nearby computers.
This metric is crucial, as it is considered the time needed to detect infection and isolate the hacked computers before any intrusion happens.
And here, CrowdStrike said that governments and private organizations have less than 20 minutes to detect and contain a hack from Russian nation-state actors.

To come into this conclusion, CrowdStrike gathered data from 2018 hack investigations.
The company said that Russian hackers (which the company calls internally as "Bears") have been the most prolific and efficient hacker groups in 2018, with an average breakout time of 18 minutes and 49 seconds.
The Bears are followed by North Korean groups (Chollimas) with an average of 2 hours and 20 minutes, Chinese hacker groups (Pandas) with 4 hours, Iranians (Kittens) with 5 hours and 9 minutes, and cybercrime gangs (Spiders) at roughly 9 hours and 42 minutes.
"The overall average breakout time that CrowdStrike observed in 2018 across all intrusions and threat actors was 4 hours 37 mins, a substantial increase from 1 hour and 58 minutes tracked in 2017."
"While certainly not the only metric to judge sophistication by, this ranking by breakout time is an interesting way to evaluate the operational capabilities of major threat actors."

The "breakout time" metrics are included in the 2019 CrowdStrike Global Threat Report.
The report's other findings include:
- Nation-state adversaries were continuously active throughout 2018, targeting dissidents, regional adversaries, and foreign powers to collect information for decision-makers.
- Many countries used the media and diplomatic channels to hide their cyber-activities.
- Sixty percent of all cyberattacks used malware.
- China and North Korea accounted for almost half of all the nation-state attacks in 2018.
- Hacking supply chain companies instead of attacking targets directly has become a trend.
- Iran and Russia were focusing their hacking efforts on telecommunication companies.
- Cybercrime groups are increasingly using TTPs-for-hire (renting the services or tools provided by other groups, instead of creating their own).
- Cybercriminals use the big game hunting" strategy to carry out targeted intrusion against large companies to extract bigger ransom demands.
- Criminal actors have increased their collaborations.
The Russian, North Korean and Chinese hacking groups are proficient as they've been the most active cyberthreat actors over the past decade, putting years of work and experience into building sophisticated hacking tools.













































































































































































































































































































































































