CISA Published the Results of the Risk and Vulnerability Assessments Conducted in Fiscal Year 2020 | Cybers Guards

Valid accounts were used for privilege escalation in 37.5 percent of attacks. CISA conducted 37 RVAs, using the MITRE ATT&CK framework to identify opportunities and help organizations address vulnerabilities that threat actors could use in real attacks to bypass network security controls. "Several high-level findings were identified after conducting trend analysis on the 37 RVA reports completed by CISA. Not all attack vectors follow this model, and this approach does not cover all potential steps taken by malicious actors." Phishing and the use of default credentials were still viable methods of access. CISA outlined a six-step attack method in a report released last week, consisting of initial access, command and control (C&C), lateral movement, privilege escalation, collection, and exfiltration. The RVAs revealed that phishing links were the most successful technique for initial access. "As a result, network defenders must focus their efforts on deploying the plethora of known-to-be-effective mitigation measures," according to CISA. Phishing attachments, exploitation of web-facing applications, credential dumping, account discovery, WMI, Mshta, and the use of archives for data exfiltration were all successful in numerous cases. The RVAs were designed to assess the effectiveness of Federal Civilian Executive Branch (FCEB), Critical Infrastructure (CI), and State, Local, Tribal, and Territorial (SLTT) stakeholders in identifying and resolving network vulnerabilities. In its analysis, CISA found that phishing links were used successfully for initial access in 49 percent of attacks, network protocols were used for command and control in 42 percent of RVAs, and pass the hash was used for lateral movement in around 30% of attacks (followed by RDP in 25 percent of incidents).
The FY20 RVA report from CISA also includes recommendations for improving overall security posture, such as application whitelisting, disabling macros, identifying and addressing vulnerabilities in public-facing and internal applications, implementing strong email security, reviewing user and application privilege levels, using proxies, monitoring network traffic, and blocking phishing attacks. These steps are loosely based on threat actors' ATT&CK tactics. Data was mostly collected from local systems (32% of attacks) and exfiltrated via the C&C channel (in 68 percent of cases). "These patterns, on the other hand, serve to highlight some of the more successful attack techniques used during RVAs, as well as the impact these tactics have had on a target network," according to CISA. This demonstrates that the methods used to breach much of our infrastructure have remained largely the same over time.
