The CISA report describes attack vectors that a hacker can use to compromise networks.
The U.S. Cyber and Infrastructure Security Agency (CISA) has released a report detailing the results of its FY2020 risk and vulnerability assessments across a variety of industries.
The document details the potential attack vectors that an attacker can use to compromise an organization’s systems, taking into account the identified vulnerabilities over the past year. Both the CISA analysis and accompanying infographics that include success rates for each tactic and technique are aligned with the MITER ATT & CK knowledge base.
According to experts, most often criminals obtained initial access using phishing links (in 49% of cases). This is followed by exploitation of vulnerabilities in applications (11.8%), followed by phishing attachments (9.8%). PowerShell was used 24.4% of the time, followed by the legitimate Windows Management Instrumentation (13%) and the command and script interpreter (12.2%).
Valid accounts were used for privilege escalation 37.5% of the time, followed by exploitation of privilege escalation vulnerabilities (21.9%) and token creation and issuance (15.6%). To navigate the network, attackers mainly used the pass-the-hash method (29.8%), followed by the Remote Desktop Protocol (25%) and exploiting problems in remote services (11.9%).
Catch up on more stories here
Follow us on Facebook here