CISA Analysis Reveals Successful Attack Techniques of FY 2020
The analysis shows potential attack paths and the most effective techniques for each tactic documented in CISA's Risk and Vulnerability Assessments.
July 10, 2021
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has released an analysis detailing the findings from Risk and Vulnerability Assessments (RVAs) conducted during the 2020 fiscal year across industries.
The analysis details a sample attack path an intruder could take to compromise an organization, using weaknesses representative of those CISA saw in RVAs over the past year. Both the analysis and the accompanying infographic, which includes the success rate percentage for each tactic and technique, map to the MITRE ATT&CK framework, officials report.
In the breakdown of successful initial access techniques, officials found phishing links were most common and used to gain initial access in 49% of RVAs. Next were exploits of public-facing applications (11.8%), followed by phishing attachments (9.8%). For execution, PowerShell was used in 24.4% of RVAs, followed by Windows Management Instrumentation (13%) and Command & Scripting Interpreter (12.2%).
Valid accounts were used for privilege escalation in 37.5% of RVAs, followed by exploitation for privilege escalation (21.9%) and making and impersonating tokens (15.6%). For lateral movement, attackers primarily used pass-the-hash (29.8%), followed by Remote Desktop Protocol (25%) and exploitation of remote services (11.9%).
CISA notes the sample size is limited and organizations should consider additional attack vectors and mitigation strategies based on their environments.