A recent survey showed that a modern attacker finds a vulnerability that helps bypass network perimeter protection in less than ten hours. After an exploit, getting out of the compromised system takes less than five hours in half of the cases.
The survey, which allows to estimate the time for which organizations can detect and stop a hacker attack, was conducted by the American Institute for Research and Improvement of Information Security Specialists (SANS) and information security provider Bishop Fox. More than 300 ethical hackers from different countries took part in the survey.
Almost two-thirds of the respondents have experience in the profile (network security, pentest, application security, etc.) from one to six years, about 30% – from seven to 20 years. The best results in gaining access to the target network were shown by cloud security checkers.
Most often, hackers use vulnerable settings, software developer errors, and poorly protected web services for this purpose. Nearly two-thirds of those surveyed said that after penetrating the internal network, they can collect data and display it in five hours, and 41% in two hours or less.
<img data-lazy-fallback="1" data-attachment-id="7019" data-permalink="https://cyberthreatintelligence.com/experts/network-hackers-find-the-right-vulnerability-in-less-than-10-hours/attachment/2-93/" data-orig-file="https://cyberthreatintelligence.com/wp-content/uploads/2022/10/2-2.jpeg" data-orig-size="700,328" data-comments-opened="1" data-image-title="2" data-image-description="" data-image-caption="" data-medium-file="https://cyberthreatintelligence.com/wp-content/uploads/2022/10/2-2-300×141.jpeg" data-large-file="https://cyberthreatintelligence.com/wp-content/uploads/2022/10/2-2.jpeg" class="alignnone size-full wp-image-7019" src="https://cyberthreatintelligence.com/wp-content/uploads/2022/10/2-2.jpeg" alt="Network hackers find the right vulnerability in