Several key findings emerged from a thorough analysis of the 37 RVA reports produced by CISA. In a report released last week, CISA identified a six-step attack path, consisting of initial access, command and control (C&C), lateral movement, privilege escalation, collection, and exfiltration. Phishing and the use of default credentials were still viable methods of attack. “Not all attack vectors follow this model, and this approach does not cover all possible steps taken by malicious actors. They were designed to evaluate the effectiveness of Federal Civilian Executive Branch (FCEB), Critical Infrastructure (CI), and State, Local, Tribal, and Territorial (SLTT) stakeholders in detecting and resolving network vulnerabilities. Data was largely collected from the local system (32% of attacks) and exfiltrated via the C&C channel (in 68 percent of cases). This shows that the methods used to breach much of our infrastructure have remained largely the same over time. As a result, network defenders must focus their efforts on deploying the plethora of known-to-be-effective mitigation measures,” according to CISA. CISA conducted the 37 RVAs using the MITRE ATT&CK framework to better identify risks and to assist organizations in addressing vulnerabilities that threat actors could use in live attacks to breach network security controls. “These phases, on the other hand, serve to highlight some of the more successful attack techniques used during RVAs, as well as the effects these schemes have had on a target network,” according to CISA.
The FY20 RVA report from CISA also includes recommendations for improving overall security posture, such as application whitelisting, disabling macros, identifying and addressing vulnerabilities in public-facing and internal applications, implementing email security controls, reviewing user and application privilege levels, using proxies, monitoring network traffic, and mitigating phishing attacks. These measures are broadly based on the ATT&CK tactics used by threat actors. The RVAs revealed that phishing links were the most successful technique for initial access. In its analysis, CISA found that phishing links were used successfully for initial access in 49 percent of attacks, web protocols were used for command and control in 42 percent of RVAs, and pass the hash was used for lateral movement in around 30% of attacks (followed by RDP in 25 percent of incidents). Valid accounts were used for privilege escalation in 37.5 percent of “attacks.” Phishing attachments, exploitation of public-facing applications, credential dumping, account discovery, WMI, Mshta, and the use of archives for data exfiltration were all successful in numerous cases.