FISCAL YEAR 2019 – RISK AND VULNERABILITY ASSESSMENT (RVA)

The Cybersecurity and Information Security Agency (CISA) has released a mapping analysis of 44 of its Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year 2019 to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.

CISA identified vulnerabilities that adversaries could potentially exploit to compromise security controls. It collected data in an onsite assessment and combined it with national threat information to provide customers with a tailored risk analysis report. The table below explains the modus operandi of cyber-attacks.

The table identifies routinely successful attack paths CISA observed during RVAs conducted across multiple sectors. Cyber attackers can use these attack paths to compromise organizations.

FY 2019 RVA Results:

The most successful attack techniques are as follows. The percentage noted for each technique represents the success rate for that technique across all RVAs.

INITIAL ACCESS
45.5% Spear Phishing Link

EXECUTION
70% PowerShell
63.6% Command-Line Interface
45.5% MSHTA
45.5% Service Execution
43.2% Windows Management Instrumentation

PERSISTENCE
25% Valid Accounts

PRIVILEGE ESCALATION
25% Valid Accounts
20.5% Exploitation for Privilege Escalation
20.5% Access Token Manipulation

DEFENSE EVASION
45.5% MSHTA
36.4% Process Hollowing
25% Valid Accounts
20.5% Access Token Manipulation

CREDENTIAL ACCESS
88.6% Credential Dumping
68.2% LLMNR/NBT-NS Poisoning
38.6% Credentials in Files
22.7% Kerberoasting
20.5% Brute Force

DISCOVERY
63.6% Account Discovery
50% Network Service Scanning
47.7% Network Share Discovery
43.2% Remote System Discovery
40.9% Process Discovery
31.8% Password Policy Discovery
27.3% System Owner/User Discovery
27.3% Permission Groups Discovery

LATERAL MOVEMENT
61.4% Pass the Hash
52.3% Remote Desktop Protocol
22.7% Windows Admin Shares
22.7% Remote Services

COLLECTION
47.7% Screen Capture
45.5% Data from Local System
36.4% Data from Network Shared Drive
22.7% Automated Collection

COMMAND AND CONTROL
54.5% Commonly Used Ports
20.5% Data Encoding

Mitigations for the Top Techniques Above:

The top ten mitigations shown here are widely effective across the top techniques.

1) User Training
2) User Account Management
3) Privileged Account Management
4) Password Policies
5) Operating System Configuration
6) Network Segmentation
7) Network Intrusion Prevention
8) Multi-Factor Authentication
9) Filter Network Traffic
10) Disable or Remove Feature or Program
11) Audit

Bottom line

This report identifies regularly successful paths of attack observed by CISA during RVAs across multiple sectors. These attack paths can be used by cybercriminals to compromise organizations.

CISA advises network administrators and IT experts to review this information and apply the necessary defensive measures against the tactics and techniques observed.

This report by CISA is a solid reminder that adequate cybersecurity is a must these days. Knowing which vulnerabilities bad actors are actively exploiting and prioritizing their remediation is one of the most effective ways of reducing risk. Therefore, each firm should utilize well-trained, highly skilled professionals and cybersecurity services to protect data, safeguard the digital infrastructure and the very future!

Cybernetic Global Intelligence, a global IAF accredited, ISO 27001 certified cyber security organization, is here for all of your information security support and cyber security requirements. We’ll deliver cyber security compliance for you by reducing the risk and lowering the costs your business could face from cyber-attacks.

Can you afford to leave your business or organization unprotected TODAY? Contact us today and enhance your company’s success with secured cybersecurity frameworks.