CrowdStrike says attackers are moving through networks in under 30 minutes
CrowdStrike says attackers are moving through networks in under 30 minutes
https://cyberscoop.com/crowdstrike-annual-global-threat-report-attack-breakout-time/
Publish Date: 2026-02-24 03:04:00
Source Domain: cyberscoop.com
Cyberattacks reached victims faster and came from a wider range of threat groups than ever last year, CrowdStrike said in its annual global threat report released Tuesday, adding that cybercriminals and nation-states increasingly relied on predictable tactics to evade detection by exploiting trusted systems.
The average breakout time — how long it took financially-motivated attackers to move from initial intrusion to other network systems — dropped to 29 minutes in 2025, a 65% increase in speed from the year prior. “The fastest breakout time a year ago was 51 seconds. This year it’s 27 seconds,” Adam Meyers, head of counter adversary operations at CrowdStrike, told CyberScoop.
Defenders are falling behind because attackers are refining their techniques, using social engineering to access high-privilege systems faster and move through victims’ cloud infrastructure undetected.
“Threat actors are exploiting those cross-domain gaps to gain access to environments, so they’re wriggling in between the seams in cloud, identity, enterprise and unmanaged network devices,” Meyers said.
Starting from an already disadvantaged position — made worse by faster attacks and living-off-the-land techniques — defenders face burnout, stress and other factors that can lead to mistakes, he added.
The myriad sources of these problems are spreading, too.
CrowdStrike tracked 281 threat groups at the end of 2025, including 24 new threats it named throughout the year. Researchers at the cybersecurity firm are also tracking 150 active malicious activity clusters and emerging threat groups.
Cybercriminals seeking a payout and nation states committing espionage or implanting footholds into critical infrastructure for prolonged access are increasingly seizing on security weaknesses in cloud-based environments to break into victim networks.
These cloud-focused attacks have seen a reported 37% year-over-year increase, with a 266%…
