The Cybersecurity and Infrastructure Security Agency (CISA) has released a mapping analysis of 44 of its Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year 2019 to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.
CISA has identified vulnerabilities that adversaries could potentially exploit to compromise security controls. CISA collected data during onsite assessments and combined it with national threat information to provide customers with a tailored risk analysis report. The table below summarizes the techniques observed in these attacks, grouped by ATT&CK tactic.
The table identifies routinely successful attack paths CISA observed during RVAs conducted across multiple sectors. Cyber attackers can use these attack paths to compromise organizations.
FY 2019 RVA Results:
The most successful attack techniques are listed below. The percentage noted for each technique is its success rate across all RVAs.
INITIAL ACCESS
  45.5% Spear Phishing Link

EXECUTION
  70% PowerShell
  63.6% Command-Line Interface
  45.5% MSHTA
  45.5% Service Execution
  43.2% Windows Management Instrumentation

PERSISTENCE
  25% Valid Accounts

PRIVILEGE ESCALATION
  25% Valid Accounts
  20.5% Exploitation for Privilege Escalation
  20.5% Access Token Manipulation

DEFENSE EVASION
  45.5% MSHTA
  36.4% Process Hollowing
  25% Valid Accounts
  20.5% Access Token Manipulation

CREDENTIAL ACCESS
  88.6% Credential Dumping
  68.2% LLMNR/NBT-NS Poisoning
  38.6% Credentials in Files
  22.7% Kerberoasting
  20.5% Brute Force

DISCOVERY
  63.6% Account Discovery
  50% Network Service Scanning
  47.7% Network Share Discovery
  43.2% Remote System Discovery
  40.9% Process Discovery
  31.8% Password Policy Discovery
  27.3% System Owner/User Discovery
  27.3% Permission Groups Discovery

LATERAL MOVEMENT
  61.4% Pass the Hash
  52.3% Remote Desktop Protocol
  22.7% Windows Admin Shares
  22.7% Remote Services

COLLECTION
  47.7% Screen Capture
  45.5% Data from Local System
  36.4% Data from Network Shared Drive
  22.7% Automated Collection

COMMAND AND CONTROL
  54.5% Commonly Used Ports
  20.5% Data Encoding
Mitigations for the above top techniques:
The top ten mitigations shown here are widely effective across the top techniques.
1) User Training
2) User Account Management
3) Privileged Account Management
4) Password Policies
5) Operating System Configuration
6) Network Segmentation
7) Network Intrusion Prevention
8) Multi-Factor Authentication
9) Filter Network Traffic
10) Disable or Remove Feature or Program
11) Audit
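As an added example (not part of the CISA report or this post), the following read-only PowerShell audit checks three host settings that map directly to the highest-rate techniques and to the "Operating System Configuration", "Disable or Remove Feature or Program" and "Audit" mitigations above: LLMNR and NetBIOS name resolution (68.2% LLMNR/NBT-NS Poisoning) and PowerShell script block logging (70% PowerShell). It assumes it is run in an elevated PowerShell session on the Windows host being checked and changes nothing.

```powershell
# Added example: read-only check of settings related to the top FY2019 RVA
# techniques. Registry paths are the standard Windows policy locations for
# these settings; a missing value means "not configured", so the default
# (insecure) behaviour applies.

function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    # Return $null when either the key or the named value does not exist.
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null
    }
}

$findings = @()

# LLMNR: the "Turn off multicast name resolution" policy writes
# EnableMulticast = 0 under the DNSClient policy key.
$llmnr = Get-RegistryValueOrNull 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' 'EnableMulticast'
$findings += [pscustomobject]@{
    Control = 'LLMNR disabled (EnableMulticast = 0)'
    Status  = if ($llmnr -eq 0) { 'OK' } else { 'WEAK: host still answers multicast name queries' }
}

# NetBIOS over TCP/IP is set per adapter; TcpipNetbiosOptions 2 = disabled.
$nbtEnabled = Get-CimInstance Win32_NetworkAdapterConfiguration |
    Where-Object { $_.IPEnabled -and $_.TcpipNetbiosOptions -ne 2 }
$findings += [pscustomobject]@{
    Control = 'NetBIOS over TCP/IP disabled on all IP-enabled adapters'
    Status  = if (-not $nbtEnabled) { 'OK' } else { "WEAK: still enabled on $($nbtEnabled.Count) adapter(s)" }
}

# Script block logging (Event ID 4104) records the content of executed
# PowerShell, which supports the "Audit" mitigation above.
$sbl = Get-RegistryValueOrNull 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' 'EnableScriptBlockLogging'
$findings += [pscustomobject]@{
    Control = 'PowerShell script block logging enabled'
    Status  = if ($sbl -eq 1) { 'OK' } else { 'WEAK: executed script blocks are not logged' }
}

$findings | Format-Table -AutoSize
```

Each WEAK row corresponds to a setting that is normally enforced by Group Policy rather than edited by hand on individual hosts.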
Bottom line
This report identifies regularly successful paths of attack observed by CISA during RVAs across multiple sectors. Cybercriminals can use these attack paths to compromise organizations.
CISA advises network administrators and IT professionals to review this information and apply the necessary defensive measures against the tactics and techniques observed.
This CISA report is a solid reminder that adequate cybersecurity is a must these days. Knowing which vulnerabilities bad actors are actively exploiting and prioritizing their remediation is one of the most effective ways of reducing risk. Therefore, each firm should utilize well-trained, highly skilled professionals and cybersecurity services to protect its data, safeguard its digital infrastructure and its very future!
Cybernetic Global Intelligence, a global IAF-accredited, ISO 27001-certified cyber security organization, is here for all of your information security support and cyber security requirements. We will deliver cyber security compliance while reducing the risk and lowering the costs your business could face from cyber-attacks.
Can you afford to leave your business or organization unprotected TODAY? Contact us today and enhance your company's success with a secure cybersecurity framework.