The Cybersecurity and Information Security Agency (CISA) has released a mapping analysis of 44 of its Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year 2019 to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.
CISA has identified vulnerabilities that adversaries could potentially exploit to compromise security controls. CISA has collected data in an onsite assessment and combined it with national threat information to provide customers with a tailored risk analysis report. The below table explains the modus operandi of cyber-attacks.
The table identifies routinely successful attack paths CISA observed during RVAs conducted across multiple sectors. Cyber attackers can use these attack paths to compromise organizations.
FY 2019 RVA Results:
Most successful attack techniques are as follows. The percent noted for each technique represents the success rate for that technique across all RVAs.
|45.5% Spear Phishing Link||70% PowerShell
63.6% Command-line interface
45.5% Service Execution
43.2% Windows Management Instrumentation
|25 % Valid Accounts||25 % Valid Accounts
20.5% Exploitation for Privilege Escalation
20.5% Access Token Manipulation
|DEFENSE EVASION||CREDENTIAL ACCESS|
36.4% Process Hollowing
25% Valid Accounts
20.5% Access Token Manipulation
|88.6% Credential Dumping
68.2% LLMNR/NBT-NS Poisoning
38.6% Credentials in Files
20.5% Brute Force
|63.6% Account Discovery
50% Network Service Scanning
47.7% Network Share Discovery
43.2% Remote System Discovery
40.9% Process Discovery
31.8% Password Policy Discovery
27.3% System Owner/ User Discovery
27.3% Permission Groups Discovery
|61.4% Pass the Hash
52.3% Remote Desktop Protocol
22.7% Windows Admin Shares
22.7% Remote Services
|COLLECTION||Command and control|
|47.7% Screen Capture
45.5% Data from Local System
36.4% Data from Network Shared Drive
22.7% Automated Collection
|54.5% Commonly used ports
20.5% Data Encoding
Mitigation for above TOP Techniques:
The top ten mitigations shown here are widely effective across the top techniques.
1) User Training
2) User Account Management
3) Privileged Account Management
4) Password Policies
5) Operating System Configuration
6) Network Segmentation
7) Network Intrusion Prevention
8) Multi-Factor Authentication
9) Filter Network Traffic
10) Disable or Remove Feature or Program
This report identifies regularly successful paths of attack observed by CISA during RVAs across multiple sectors. These attack paths can be used by cybercriminals to compromise organizations.
Network administrators and IT experts are advised by CISA to review this information and follow the necessary defensive methods to defend against the tactics and techniques observed.
This report by CISA is a solid reminder that the importance of adequate cybersecurity is a must these days. Knowing what vulnerabilities bad actors are actively exploiting and prioritizing their remediation is one of the most effective ways of reducing the risk. Therefore, each firm should utilize well-trained, highly skilled professionals, and cybersecurity services to protect data, safeguard the digital infrastructure and the very future!
This is a serious reminder again on the importance of adequate cybersecurity is a must these days. Knowing what vulnerabilities bad actors are actively exploiting and prioritizing their remediation is one of the most effective ways of reducing the risk. Therefore, each firm should utilize well-trained, highly skilled professionals, and cybersecurity services to protect data, safeguard the digital infrastructure and the very future!
Cybernetic Global Intelligence a global IAF accredited ISO 27001 certified cyber security organization is here for all of your information security support and cyber security requirements. We’ll deliver you the cyber security compliance by reducing the risk and lowering the costs your business could face from cyber-attacks.
Can you afford leaving your business or organization unprotected TODAY? Contact us today and enhance your company’s success with secured cybersecurity frameworks.