Attacker Breakout Time Falls to 18 Minutes
ReliaQuest report claims time from initial access to lateral movement has shrunk to just 18 minutes
Lateral movement lets attackers reach more systems after entry; network segmentation, least privilege, and monitoring can limit its impact.
Search across headline titles and summaries.
Background for this topic.
Lateral movement is an attacker’s progress from an initially compromised device or account to other systems, accounts, or network segments. It commonly uses stolen credentials, remote administration services, shared drives, exposed management interfaces, or vulnerabilities. The objective may be to reach higher-value assets, obtain greater privileges, or establish access that supports data theft or disruption. Because these actions can resemble normal administration, a single endpoint compromise can become a broader intrusion without clear perimeter breaches.
The most relevant defenses limit both reach and credential reuse: segment networks and sensitive environments, apply least privilege, require strong authentication for administrative access, and remove unnecessary remote services. Monitor authentication patterns, new administrative relationships, unusual remote execution, and access between systems that rarely communicate; correlate these signals with endpoint and identity telemetry. Rapidly disabling compromised accounts, isolating affected hosts, and rotating exposed credentials can contain movement, while vulnerability management reduces exploitable paths that bypass authentication.
Weekly headline count for the current query.
ReliaQuest report claims time from initial access to lateral movement has shrunk to just 18 minutes
It now takes threat actors on average just 62 minutes to move laterally from initial access, Crowdstrike claims
IBM found Gootloader group opting for GootBot over off-the-shelf tools for lateral movement
Researchers detail the DLL side-loading technique used to deploy malware that facilitates credential theft and lateral movement
Every second counts as threat actors accelerate lateral movement