{"id":53139,"date":"2023-08-09T02:18:00","date_gmt":"2023-08-09T02:18:00","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation"},"modified":"2023-08-09T02:18:00","modified_gmt":"2023-08-09T02:18:00","slug":"attacker-breakout-time-shrinks-again-underscoring-need-for-automation","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/","title":{"rendered":"Attacker Breakout Time Shrinks Again, Underscoring Need for Automation"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt8a25edf2b87a91d5\/62a0cff45eaa182dab84c7e9\/Threats_Illia_Uriadnikov_Alamy.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Attackers are getting quicker. New research reveals they have shaved a few more minutes off of the time they need to transition from gaining initial access to a system, to their attempt to attack other devices on the same network.<\/p>\n<p>CrowdStrike finds the average intrusion required 79 minutes after initial compromise before launching an attack on other systems on a network. That&#8217;s down from 84 minutes in 2022. CrowdStrike&#8217;s <a href=\"https:\/\/finance.yahoo.com\/news\/crowdstrike-2023-threat-hunting-report-130100682.html\" target=\"_blank\" rel=\"noopener\">2023 Threat Hunting Report<\/a>, published on Tuesday, also reveals the fastest time was seven minutes between the initial access and attempts to extend the compromise, based on more than 85,000 incidents processed in 2022.<\/p>\n<p>An attacker&#8217;s main goal is to move to other systems and establish a presence in the network, so that even if incident responders quarantine the original system, the attacker can still come back, says Param Singh, vice president of CrowdStrike&#8217;s OverWatch security service. In addition, attackers want to gain access to other systems via legitimate user credentials, he says.<\/p>\n<p>&#8220;If they become the domain controller, that&#8217;s game over, and they have access to everything,&#8221; Singh says. &#8220;But if they cannot become domain admin, then they will go after key individuals who have better access to [valuable] assets &#8230; and try to escalate their privileges to those users.&#8221;<\/p>\n<p>The breakout time is one measure of an attackers&#8217; agility when compromising corporate networks. Another measure defenders use is the time it takes between the initial compromise and detection of the attacker, known as dwell time, which hit a low of 16 days in 2022, according to incident response firm Mandiant&#8217;s <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/mandiant-report-dwell-time-decreases-while-ransomware-extortion-flourish\" target=\"_blank\" rel=\"noopener\">annual M-Trends report<\/a>. Together, the two metrics suggest that most attackers quickly take advantage of a compromise and have carte blanche for more than two weeks before being detected.<\/p>\n<h2 class=\"regular-text\">Interactive Intrusions Now the Norm<\/h2>\n<p>Attackers have continued their shift to interactive intrusions, which grew by 40% in the second quarter of 2023, compared to the same quarter a year ago, and account for more than half of all incidents, according to CrowdStrike.<\/p>\n<p>The majority of interactive intrusions (62%) involved the abuse of legitimate identities and account information. The collection of identity information also took off, with 160% increase in efforts to &#8220;collect secret keys and other credential material,&#8221; while harvesting Kerberos information from Windows systems for later cracking, a technique known as Kerberoasting, grew by nearly 600%, the <a href=\"https:\/\/www.crowdstrike.com\/resources\/reports\/threat-hunting-report\/\" target=\"_blank\" rel=\"noopener\">CrowdStrike Threat Hunting report stated<\/a>.<\/p>\n<p>Attackers are also scanning repositories where companies accidentally publish identity material. In November 2022, one organization accidentally pushed its root account&#8217;s access key credentials to GitHub, eliciting a quick response from attackers, CrowdStrike said.<\/p>\n<p>&#8220;Within seconds, automated scanners and multiple threat actors attempted to use the compromised credentials,&#8221; the report stated. &#8220;The speed with which this abuse was initiated suggests that multiple threat actors \u2014 in efforts to target cloud environments \u2014 maintain automated tooling to monitor services such as GitHub for leaked cloud credentials.&#8221;<\/p>\n<p>Once on a system, attackers use the machine&#8217;s own utilities \u2014 or download legitimate tools \u2014 to escape notice. So-called &#8220;<a href=\"https:\/\/www.darkreading.com\/endpoint\/-volt-typhoon-china-backed-apt-infiltrates-us-critical-infrastructure\" target=\"_blank\" rel=\"noopener\">living off the land<\/a>&#8221; techniques prevent detection of more obvious malware. Unsurprisingly, adversaries have tripled their use of legitimate remote management and monitoring (RMM) tools, such as AnyDesk, ConnectWise, and TeamViewer, according to CrowdStrike.<\/p>\n<h2 class=\"regular-text\">Attackers Continue to Focus on Cloud<\/h2>\n<p>As companies have adopted cloud for much of their operational infrastructure \u2014 especially following the start of the coronavirus pandemic \u2014 attackers have followed. CrowdStrike observed more &#8220;cloud-conscious&#8221; attacks, with cloud exploitation nearly doubling (up 95%) in 2022.<\/p>\n<p>Often the attacks focus on Linux, because the most common workload in the cloud are Linux containers or virtual machines. The privilege escalation tool LinPEAS was used in three times more intrusions than the next most commonly abused tool, CrowdStrike said.<\/p>\n<p>The trend will only accelerate, CrowdStrike&#8217;s Singh says.<\/p>\n<p>&#8220;We are seeing like threat actors becoming more cloud aware \u2014 they understand the cloud environment, and they understand the misconfigurations typically seen in cloud,&#8221; he says. &#8220;But the other thing that we are seeing is &#8230; the threat actor getting into a machine on the on-prem side, and then using the credentials and everything to move to cloud &#8230; and cause a lot of damage.&#8221;<\/p>\n<p>Separately, CrowdStrike announced that it plans to combine its threat-intelligence and threat-hunting teams into a single entity, the Counter Adversary Operations group, the company said in <a href=\"https:\/\/www.crowdstrike.com\/press-releases\/crowdstrike-unleashes-new-counter-adversary-operations\/\" target=\"_blank\" rel=\"noopener\">a press release<\/a> on August 8.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just 79 minutes \u2014 that&#8217;s how long it takes attackers to move from an initial compromise to extending their infiltration of a firm&#8217;s network.Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-53139","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Attacker Breakout Time Shrinks Again, Underscoring Need for Automation 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attacker Breakout Time Shrinks Again, Underscoring Need for Automation 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-09T02:18:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt8a25edf2b87a91d5\/62a0cff45eaa182dab84c7e9\/Threats_Illia_Uriadnikov_Alamy.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Attacker Breakout Time Shrinks Again, Underscoring Need for Automation\",\"datePublished\":\"2023-08-09T02:18:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\\\/\"},\"wordCount\":718,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt8a25edf2b87a91d5\\\/62a0cff45eaa182dab84c7e9\\\/Threats_Illia_Uriadnikov_Alamy.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\\\/\",\"name\":\"Attacker Breakout Time Shrinks Again, Underscoring Need for Automation 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt8a25edf2b87a91d5\\\/62a0cff45eaa182dab84c7e9\\\/Threats_Illia_Uriadnikov_Alamy.jpg\",\"datePublished\":\"2023-08-09T02:18:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt8a25edf2b87a91d5\\\/62a0cff45eaa182dab84c7e9\\\/Threats_Illia_Uriadnikov_Alamy.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt8a25edf2b87a91d5\\\/62a0cff45eaa182dab84c7e9\\\/Threats_Illia_Uriadnikov_Alamy.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Attacker Breakout Time Shrinks Again, Underscoring Need for Automation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Attacker Breakout Time Shrinks Again, Underscoring Need for Automation 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/","og_locale":"en_US","og_type":"article","og_title":"Attacker Breakout Time Shrinks Again, Underscoring Need for Automation 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-08-09T02:18:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt8a25edf2b87a91d5\/62a0cff45eaa182dab84c7e9\/Threats_Illia_Uriadnikov_Alamy.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Attacker Breakout Time Shrinks Again, Underscoring Need for Automation","datePublished":"2023-08-09T02:18:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/"},"wordCount":718,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt8a25edf2b87a91d5\/62a0cff45eaa182dab84c7e9\/Threats_Illia_Uriadnikov_Alamy.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/","url":"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/","name":"Attacker Breakout Time Shrinks Again, Underscoring Need for Automation 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt8a25edf2b87a91d5\/62a0cff45eaa182dab84c7e9\/Threats_Illia_Uriadnikov_Alamy.jpg","datePublished":"2023-08-09T02:18:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt8a25edf2b87a91d5\/62a0cff45eaa182dab84c7e9\/Threats_Illia_Uriadnikov_Alamy.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt8a25edf2b87a91d5\/62a0cff45eaa182dab84c7e9\/Threats_Illia_Uriadnikov_Alamy.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/attacker-breakout-time-shrinks-again-underscoring-need-for-automation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Attacker Breakout Time Shrinks Again, Underscoring Need for Automation"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53139","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=53139"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53139\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=53139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=53139"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=53139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}