{"id":2952,"date":"2025-09-24T02:59:52","date_gmt":"2025-09-24T02:59:52","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/09\/24\/attacker-breakout-time-falls-to-18-minutes\/"},"modified":"2025-09-24T02:59:52","modified_gmt":"2025-09-24T02:59:52","slug":"attacker-breakout-time-falls-to-18-minutes","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2025\/09\/24\/attacker-breakout-time-falls-to-18-minutes\/","title":{"rendered":"Attacker Breakout Time Falls to 18 Minutes"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"https:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/ea721ff9-8ba4-4d88-b386-57e9e1606077.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Phil Muncaster\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>Threat actors are accelerating their attacks and adopting innovative new ways to circumvent endpoint detection mechanisms, according to a new report from ReliaQuest.<\/p>\n<p>The threat intelligence vendor claimed in its latest <em>Threat Spotlight<\/em> report for the period June\u2013August 2025 that average breakout time \u2013 the period from initial access to lateral movement \u2013 dropped to 18 minutes.<\/p>\n<p>One Akira attack came in at just six minutes, way below the lowest breakout time recorded in 2024, of 27 minutes.<\/p>\n<p>The figure keeps falling. In January, ReliaQuest claimed breakout time in 2024 was 22% shorter than the previous year. Once adversaries reach this stage, attacks become harder to detect and contain.<\/p>\n<p>Threat actors are not just getting faster but also smarter, ReliaQuest warned. 
There\u2019s been a sharp rise in ransomware operations using the SMB file-sharing protocol for remote file encryption \u2013 from 20% to 29% of ransomware attacks.<\/p>\n<p><em>Read more from ReliaQuest: Automation and Vulnerability Exploitation Drive Mass Ransomware Breaches.<\/em><\/p>\n<p>\u201cUsing compromised credentials, attackers access shared files on a network via a single compromised host, often through unmanaged devices or VPNs,\u201d the report noted.<\/p>\n<p>\u201cBy encrypting data remotely, they bypass endpoint protections entirely, operating quietly and efficiently within the network. This highlights a critical flaw in endpoint-focused defenses: Attacks don\u2019t stop at the endpoint, and neither should your defenses.\u201d<\/p>\n<h2><strong>USB Malware on the Rise<\/strong><\/h2>\n<p>ReliaQuest also warned that drive-by-compromise remains the most popular tactic for initial access, accounting for 34% of incidents. That\u2019s versus 12% for spear phishing links and, remarkably, 12% for USB malware.<\/p>\n<p>\u201cUSB-based malware is thriving because of weak policy enforcement and inconsistent endpoint controls. It\u2019s easy to overlook the dangers of plugging in unvetted USBs and attackers exploit this to infiltrate corporate networks,\u201d the report noted.<\/p>\n<p>It pointed to the Gamarue variant as particularly prevalent in the period.<\/p>\n<p>\u201cGamarue hides its malicious Dynamic Link Libraries (DLLs) so well that most employees wouldn\u2019t know they\u2019re infected,\u201d ReliaQuest said. \u201cThe infection trigger \u2013 a malicious LNK file \u2013 disguises itself as a legitimate file already present on the USB, making it even harder to spot.\u201d<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Threat actors are accelerating their attacks and adopting innovative new ways to circumvent endpoint detection mechanisms, according to a new report from ReliaQuest. 
The threat intelligence vendor claimed in its latest Threat Spotlight report for the period June\u2013August 2025 that average breakout time \u2013 the period from initial access to lateral movement \u2013 dropped to<\/p>\n","protected":false},"author":2,"featured_media":2953,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2952","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2952-998eb7dd-e337-4c19-8339-38218427ece0.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2952-998eb7dd-e337-4c19-8339-38218427ece0-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2952-998eb7dd-e337-4c19-8339-38218427ece0.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2952-998eb7dd-e337-4c19-8339-38218427ece0.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2952-998eb7dd-e337-4c19-8339-38218427ece0.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2952-998eb7dd-e337-4c19-8339-38218427ece0.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2952-998eb7dd-e337-4c19-8339-38218427ece0.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2952-998eb7dd-e337-4c19-8339-38218427ece0.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2952-998eb7dd-e337-4c19-8339-38218427ece0.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2952-998eb7dd-e337-4c19-8339-38218427ece0.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2952-998eb7dd-e337-4c19-8339-38218427ece
0-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2952","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=2952"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2952\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/2953"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=2952"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=2952"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=2952"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}