Average time for a cyberattack takes 10 minutes

The current average time it takes for a hacker to perform an attack is ten minutes, according to cloud security provider Sysdig.

The 2023 Global Cloud Threat Report finds that from the moment a cyber security team is alerted of an attack threat, they will have an average of ten minutes until it is too late due to new automation techniques.

“Cloud-native attackers are ‘everything-as-code’ experts and automation fans, significantly reducing their time to impact on the target systems and increasing the potential blast radius,” says Allesandro Brucato, threat research engineer at Sysdig.

“Open source detection-as-code approaches like Falco are how blue teams can stay ahead in the cloud,” added Brucato.

The report finds that attackers are hiding in the cloud and abusing its services and policies to exploit the complexity of cloud-native environments to remain untraceable.

“The reality is attackers are good at exploiting the cloud. It’s not just that they can script recon and auto-deploy cryptominers and other malware, but they take the tools that unleash the power of the cloud for good and turn them into weapons,” says Michael Clark, director of threat research at Sysdig.

The report states that 10% of advanced supply chain threats are invisible to standard tools, as evasive techniques enable attackers to hide malicious code, and can only be found after they have been deployed.

Finally, Sysdig’s findings show telecommunications as the top sector (38%) targeted for cloud attacks, followed by finance (27%).

The report explains that these two sectors have valuable information and offer opportunities to make quick money.

It says that cloud hackers will sell data like online banking info for $35 each or merchant payment accounts for at least $1000.