惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V2EX - 技术
V2EX - 技术
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
S
Schneier on Security
S
Securelist
P
Privacy & Cybersecurity Law Blog
Scott Helme
Scott Helme
T
Threatpost
C
Cybersecurity and Infrastructure Security Agency CISA
L
LINUX DO - 热门话题
Cyberwarzone
Cyberwarzone
Cisco Talos Blog
Cisco Talos Blog
量子位
博客园 - Franky
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Latest news
Latest news
T
Troy Hunt's Blog
N
News | PayPal Newsroom
Google Online Security Blog
Google Online Security Blog
Apple Machine Learning Research
Apple Machine Learning Research
N
Netflix TechBlog - Medium
小众软件
小众软件
P
Palo Alto Networks Blog
Spread Privacy
Spread Privacy
C
Cyber Attacks, Cyber Crime and Cyber Security
C
Check Point Blog
aimingoo的专栏
aimingoo的专栏
WordPress大学
WordPress大学
L
Lohrmann on Cybersecurity
L
LINUX DO - 最新话题
D
Darknet – Hacking Tools, Hacker News & Cyber Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
The Last Watchdog
The Last Watchdog
S
Security @ Cisco Blogs
P
Privacy International News Feed
Last Week in AI
Last Week in AI
Microsoft Security Blog
Microsoft Security Blog
T
Tailwind CSS Blog
博客园_首页
云风的 BLOG
云风的 BLOG
V
Vulnerabilities – Threatpost
D
DataBreaches.Net
Recent Announcements
Recent Announcements
酷 壳 – CoolShell
酷 壳 – CoolShell
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
罗磊的独立博客
Engineering at Meta
Engineering at Meta
Forbes - Security
Forbes - Security
T
Tenable Blog

WeLiveSecurity

Supply chain dependencies: Have you checked your blind spot? Recovery scammers hit you when you’re down: Here’s how to avoid a ‘second strike’ Digital assets after death: Managing risks to your loved one’s digital estate This month in security with Tony Anscombe – March 2026 edition RSAC 2026 wrap-up – Week in security with Tony Anscombe A cunning predator: How Silver Fox preys on Japanese firms this tax season Virtual machines, virtually everywhere – but not all protected Cloud workload security: Mind the gaps Move fast and save things: A quick guide to recovering a hacked account EDR killers explained: Beyond the drivers Face value: What it takes to fool facial recognition Cyber fallout from the Iran war: What to have on your radar Sednit reloaded: Back in the trenches What cybersecurity actually does for your business How SMBs use threat research and MDR to build a defensive edge Protecting education: How MDR can tip the balance in favor of schools This month in security with Tony Anscombe – February 2026 edition Mobile app permissions (still) matter more than you may think Faking it on the phone: How to tell if a voice call is AI or not PromptSpy ushers in the era of Android threats using GenAI Is Poshmark safe? How to buy and sell without getting scammed Is it OK to let your children post selfies online? Naming and shaming: How ransomware groups tighten the screws on victims Taxing times: Top IRS scams to look out for in 2026 OfferUp scammers are out in force: Here’s what you should know A slippery slope: Beware of Winter Olympics scams and other cyberthreats This month in security with Tony Anscombe – January 2026 edition DynoWiper update: Technical analysis and attribution Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan Drowning in spam or scam emails lately? Here’s why ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 Children and chatbots: What parents should know Common Apple Pay scams, and how to stay safe Old habits die hard: 2025’s most common passwords were as predictable as ever Why LinkedIn is a hunting ground for threat actors – and how to protect yourself Is it time for internet services to adopt identity verification? Your information is on the dark web. What happens next? Credential stuffing: What it is and how to protect yourself This month in security with Tony Anscombe – December 2025 edition A brush with online fraud: What are brushing scams and how do I stay safe? Revisiting CVE‑2025‑50165: A critical flaw in Windows Imaging Component LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan ESET Threat Report H2 2025 Black Hat Europe 2025: Was that device designed to be on the internet at all? Black Hat Europe 2025: Reputation is currency – even in the ransomware economy Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece The biggest catch: How whaling attacks target top executives Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture MuddyWater: Snakes by the riverbank Oversharing is not caring: What’s at stake if your employees post too much online This month in security with Tony Anscombe – November 2025 edition What parents should know to protect their children from doxxing Influencers in the crosshairs: How cybercriminals are targeting content creators MDR is the answer – now, what’s the question? The OSINT playbook: Find your weak spots before attackers do PlushDaemon compromises network devices for adversary-in-the-middle attacks What if your romantic AI chatbot can’t keep a secret? Can password managers get hacked? Here’s what to know Why shadow AI could be your biggest security blind spot In memoriam: David Harley The who, where, and how of APT attacks in Q2 2025–Q3 2025 ESET APT Activity Report Q2 2025–Q3 2025 Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming How social engineering really works | Unlocked 403 cybersecurity podcast (S2E6) Ground zero: 5 things to do after discovering a cyberattack This month in security with Tony Anscombe – October 2025 edition Fraud prevention: How to help older family members avoid scams Cybersecurity Awareness Month 2025: When seeing isn't believing Recruitment red flags: Can you spot a spy posing as a job seeker? How MDR can give MSPs the edge in a competitive market Cybersecurity Awareness Month 2025: Cyber risk thrives in the shadows Gotta fly: Lazarus targets the UAV sector SnakeStealer: How it preys on personal data – and how to stay safe Cybersecurity Awareness Month 2025: Building resilience against ransomware Minecraft mods: When ‘hacking’ your game becomes a security risk IT service desks: The security blind spot that may put your business at risk Cybersecurity Awareness Month 2025: Why software patching matters more than ever AI-aided malvertising: How chatbots can help spread scams How Uber seems to know where you are – even with restricted location permissions Cybersecurity Awareness Month 2025: Passwords alone are not enough The case for cybersecurity: Why successful businesses are built on protection Beware of threats lurking in booby-trapped PDF files Manufacturing under fire: Strengthening cyber-defenses amid surging threats New spyware campaigns target privacy-conscious Android users in the UAE Cybersecurity Awareness Month 2025: Knowledge is power This month in security with Tony Anscombe – September 2025 edition Roblox executors: It’s all fun and games until someone gets hacked DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception Watch out for SVG files booby-trapped with malware Gamaredon X Turla collab Small business, big risk: How SMBs can fight back against ransomware HybridPetya: A Petya/NotPetya copycat comes with a twist Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass Are cybercriminals hacking your systems – or just logging in? Preventing business disruption and building cyber-resilience with MDR Under lock and key: Safeguarding business data with encryption GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes This month in security with Tony Anscombe – August 2025 edition Don’t let “back to school” become “back to bullying”
As breakout time accelerates, prevention-first cybersecurity takes center stage
Phil Muncaster · 2026-04-07 · via WeLiveSecurity

Business Security

Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy.

07 Apr 2026  •  , 4 min. read

As breakout time accelerates, prevention-first cybersecurity takes center stage

We stand at an interesting point in the never-ending arms race between attackers and defenders. The former are using AI, automation and a range of techniques to sometimes devastating effect. In fact, one report claims that 80% of ransomware-as-a-service (RaaS) groups now offer AI or automation as features – and, of course, there’s also a thriving market with tools that are specifically intended to evade security tools. Data breaches and associated costs have surged as a result.

But on the other hand, threat actors are just doing what they have done before – supercharging existing tactics, techniques and procedures (TTPs) to accelerate attacks. The time between initial access and lateral movement (breakout time), for example, is now measured in minutes. For defenders used to working in hours or days, things need to change.

A half-hour warning

Breakout time matters, because if network defenders can’t stop their adversaries at this point, then an initial intrusion may very quickly become a major incident. The average time to break out laterally is now around 30 minutes – in the region of 29% faster than a year previously – although some observers have seen it happen in less than a minute after initial access.

There are several reasons why the window for action is rapidly closing. Threat actors are:

  • Getting better at stealing/cracking/phishing legitimate credentials from your employees. Weak, reused and infrequently rotated passwords help them here (i.e., by making brute-force attacks easier). As does a lack of multifactor authentication (MFA). They’re also getting better at password-reset vishing attacks, either impersonating the helpdesk, or calling the helpdesk impersonating employees. With legit logins, they can masquerade as users without setting off any internal alarms.
  • Using zero-day exploits to target edge devices, such as Ivanti EPMM in order to gain a foothold in networks while remaining hidden from in-house security tools.
  • Getting better at reconnaissance, using open source techniques and AI to scour the web for publicly available information on high-value targets (with privileged credentials). They gather information on organizational structure, internal processes and the IT environment, to streamline attacks and design social engineering scripts.
  • Automating post-exploitation activity using AI-powered scripts for credential harvesting, living off the land, and even malware generation.
  • Exploiting the gaps between siloed teams and point solutions. As a result, activity that looks legitimate to the former might seem unusual to the latter, but without holistic visibility, edge cases may not be investigated. In some cases, threat actors take deliberate steps to disable or evade EDR.
  • Using living-off-the-land (LOTL) techniques to stay hidden. That means using valid credentials, legitimate remote access tools and protocols like SMB and RDP which means they blend in with regular activity.

Catching threat actors at this point is essential – especially as exfiltration (when it begins) is also being accelerated by AI. The fastest recorded case last year was just six minutes; down from 4 hours 29 minutes in 2024.

Fighting fire with (AI) fire

If attackers are able to access your network with elevated privileges or stay hidden on unobserved endpoints, and then move laterally without raising any alarms, human-powered response will often be too slow. You need to limit social engineering, update defensive posture to improve detection of suspicious behavior, and accelerate response times.

AI-powered extended detection and response (XDR) and managed detection and response (MDR) can help here by automatically flagging suspicious behavior, using contextual data to improve alert fidelity, and remediating where necessary. Advanced offerings may also help by clustering alerts and generating automated responses for stretched SOC teams, freeing up their time to work on high-value tasks like threat hunting.

A single, unified provider with insight across endpoint, networks, cloud and other layers can also shine a light onto those gaps that exist between point solutions, for full visibility of potential attack paths. Ensure that any such tools also have visibility of edge devices, and work seamlessly with your security information and event management (SIEM) and security orchestration and response (SOAR) tooling. 

Threat intelligence and threat hunting are also vital to keep pace with AI-supported adversaries. An approach that harnesses both will help teams focus on what matters – how attackers are targeting them and where they might move next. AI agents might in time be able to take on more of these tasks autonomously to further speed up response times.

Regaining the initiative

There are other ways to accelerate response times, including:

  • The continuous monitoring and awareness across endpoints, network, and cloud environments.
  • Automated steps – such as session termination, password reset or host isolation – that need to be taken in order to address suspicious activity and, where appropriate, automated analysis combined with human assessment to investigate alerts and inform the steps needed to contain a threat fast.
  • Least privilege access policies, micro-segmentation and other hallmarks of Zero Trust to ensure strict access controls and minimize the blast radius of attacks.
  • Enhanced identity-centric security based around strong, unique credentials managed in a password manager, and backed by phishing-resistant MFA.
  • Anti-vishing steps including updated helpdesk processes (e.g., out-of-band callbacks) and effective awareness training
  • Brute-force protection that blocks automated password-guessing attacks at entry.
  • Continuous monitoring of social media and dark web for exposed employee and company information that could be weaponized.
  • Monitoring of scripts and processes as they "decloak" in memory, to spot and block LOTL behavior.
  • Cloud sandbox execution of suspicious files to mitigate zero-day exploit threats.

None of these steps alone is a silver bullet. But when layered up and relying on AI-powered MDR/XDR from a reputable supplier, they can help defenders to regain the initiative. It may be an arms race, but it’s one with fundamentally no end in sight. That means there’s time to catch up.


Let us keep you
up to date

Sign up for our newsletters