ABSTRACT

CISA Analysis: FY2020 Risk and Vulnerability Assessments

From the Introduction: "This report analyzes a sample attack path that a cyber threat actor could take to compromise an organization with weaknesses that are representative of those CISA [Cybersecurity and Infrastructure Security Agency] observed in the FY20 RVAs [Risk and Vulnerability Assessments]. The path comprises six successive tactics, or 'steps': 'Initial Access', 'Command and Control', 'Lateral Movement', 'Privilege Escalation', 'Collection', and 'Exfiltration'. In addition to this analysis, the report includes the following observations: [1] Most of the successful attacks proved to be methods commonly used by threat actors, e.g., phishing, use of default credentials. [2] The list of tools and techniques used to conduct these common attacks is ever changing. [3] Many of the organizations exhibited the same weaknesses."

Publisher:
Date: 2021-07
Copyright: Public Domain
Retrieved From: U.S. Cybersecurity and Infrastructure Security Agency: https://www.cisa.gov/
Format: pdf
Media Type: application/pdf
URL: