

Ask HN: Do cyber attacks happen slowly or quickly? - niche

Seems like Target etc were hacked over long periods of time. And they slowly leaked data and money.<p>When they find out about these attacks, they make it seem like one incident where 50,000 people were targeted.<p>Is this true? Or are these attacks usually incremental and the PR play is just to act like it is a one-shot?
======
patio11
Yes. Also, both.

An attack is just a special case of building a computer system. Planning,
building, and testing often take a while. Execution can happen _very quickly
indeed_. If you time the attack from "start of execution of final payload
script" through "last byte of data transferred by payload script" then many
commercially significant attacks were over in milliseconds.

~~~
some_furry
Everything patio11 said, but with an addendum:

If you're trying to evade a behavioral Intrusion Detection System while
exfiltrating the data, sending a small trickle over a long period of time is
less obvious than sending 2 TB overnight and increases your odds of success.

