The Cybersecurity and Infrastructure Security Agency (CISA) released the latest version of its Risk and Vulnerability Assessments (RVA) report, which found that threat actors achieved the most success through “common methods” such as phishing techniques in fiscal year (FY) 2022.
The report – released on July 26 – follows a thorough CISA assessment of some of the Federal government’s most vulnerable areas, and it identifies the techniques that put Federal agencies most at risk.
“This report analyzes a sample attack path cyber threat actors could leverage to compromise an organization using weaknesses identified in the FY22 RVAs,” the report says.
“Although the sample attack path does not encompass all the potential steps threat actors used—and not all attack paths follow this model—a skilled threat actor could follow this path to successfully exploit a target. The sample attack path highlights the more successful attack strategies used during RVAs and the impacts these strategies have had on target networks,” the report adds.
The report indicated that threat actors are currently compromising valid accounts through “spear phishing, or leveraging insecure ports or protocols, to compromise a victim’s network.” This occurs during the initial access step, where threat actors attempt to gain a foothold by using valid accounts.
“RVA analyses revealed that valid accounts were the most common successful attack technique, responsible for 54 percent of successful attempts. Valid accounts can be former employee accounts that have not been removed from the Active Directory or default administrator accounts,” states the report.
The report concludes by suggesting that organizations must “implement mitigations-centered intrusion prevention techniques” as well as “enhanced protection mechanisms alongside phishing-resistant MFA and strong password policies.”