Attackers Now Need Just 29 Minutes to Own a Network

Dark Reading

by Jai Vijayan

February 24, 2026

AI-Generated Deep Dive Summary

In a significant shift in cyber威胁 dynamics, attackers now require just 29 minutes, on average, to move through a network after breaching it, according to CrowdStrike's analysis of 2025 threat activity. This marks a 65% increase from the previous year and highlights a concerning trend where adversaries are operating with unprecedented speed. The fastest "breakout" occurred in just 27 seconds, while one attack began data exfiltration four minutes after initial access. This acceleration is driven by factors like credential misuse, AI tools, and unmanaged devices on enterprise networks. One key factor behind this speed is the widespread abuse of legitimate credentials, which allows attackers to blend into normal network traffic and bypass traditional security controls. In 35% of cloud-related incidents, attackers used valid account credentials to move freely without triggering alerts. Additionally, 82% of threat detections in 2025 were malware-free, meaning attackers often exploited authorized pathways and trusted systems to remain undetected. This shift underscores the growing importance of identity in both initial access and lateral movement across cloud, SaaS, and on-premises environments. The rise of AI has further enabled attackers to exploit vulnerabilities more quickly, with Chinese threat actors particularly effective at targeting unmanaged devices—such as VPNs, firewalls, and personal devices—that lack endpoint detection and response controls. These devices are often

Verticals

securitytech

Originally published on Dark Reading on 2/24/2026