SlideShare a Scribd company logo

FY19_RVAs_Mapped_to_the_MITRE_ATTCK_Framework_508.pdf

sikandar girgoukar
sikandar girgoukar

Rty

Automotive
1 of 1
Download to read offline
TLP:WHITE RIS AND K VULNERABILITY ASSESSMENT (RVA) MAPPED TO THE MITRE ATT&CK® FRAMEWORK FISCAL YEAR 2019 (FY19) TLP:WHITE Risk and Vulnerability Assessment: Upon request, CISA can identify vulnerabilities that adversaries could potentially exploit to compromise security controls. We collect data in an on-site assessment and combine it with national threat information to provide customers with a tailored risk analysis report. + HOW WE LATERAL AND ESCALATE Initial Access » Spearphishing Link and MSHTA Execution » PowerShell Defense Evasion » Process Injection and MSHTA Command & Control » Commonly Used Port Attack Path 1: Gone Phishin’ Attack Path 2: You’ve Poisoned My LLMNR Credential Access » LLMNR/NBT-NS Poisoning and Relay Brute Force Discovery » Network Sniffing Attack Path 3: The Ol’ Discover & Dump Discovery » Permissions Group Discovery System Owner/User Discovery Execution » Windows Management Instrumentation Persistence/ » Valid Accounts Defense Evasion/ Privilege Escalation Attack Path 4: I Like My Kerberos Well-Done Initial Access » Kerberoasting Brute Force Persistence/ » Valid Accounts Defense Evasion/ Privilege Escalation Attack Path 5: Is That a Cleartext Password or SSH Key, I See? Credential Access » Credentials in Files Bash History Private Keys Valid Accounts Persistence/ » Valid Accounts Defense Evasion/ Privilege Escalation FY19 RVA RESULTS MITRE ATT&CK Tactics and Techniques The percent noted for each technique represents the success rate for that technique across all RVAs. For example, spearphishing link was used to gain initial access in 45.5% of the FY19 RVAs. 44 Total Number of Assessments Initial Access 45.5% Spearphishing Link 4.5% Exploit Public-Facing Application 2.3% Spearphishing Attachment Execution 70.5% PowerShell 63.6% Command-Line Interface 45.5% MSHTA 45.5% Service Execution 43.2% Windows Management Instrumentation 18.2% Graphical User Interface 11.4% Scripting 9.1% User Execution 9.1% Exploitation for Client Execution 2.3% Execution through API Persistence 25.0% Valid Accounts 9.1% New Service 4.5% Create Account 2.3% Windows Management Instrumentation Event Subscription 2.3% Registry Run Keys/Startup Folder 2.3% Launch Agent Privilege Escalation 25.0% Valid Accounts 20.5% Exploitation for Privilege Escalation 20.5% Access Token Manipulation 15.9% Process Injection 9.1% New Service 9.1% Bypass User Account Control 2.3% Sudo 2.3% Exploitation of Vulnerability Defense Evasion 45.5% MSHTA 36.4% Process Hollowing 25.0% Valid Accounts 20.5% Access Token Manipulation 15.9% Process Injection 11.4% Scripting 11.4% Obfuscated Files or Information 9.1% Bypass User Account Control 6.8% Indicator Removal from Tools 6.8% Hidden Window 6.8% File Deletion 4.5% Masquerading 4.5% DLL Side-Loading 2.3% Process Dopplegänging 2.3% Disabling Security Tools Credential Access 88.6% Credential Dumping 68.2% LLMNR/NBT-NS Poisoning 38.6% Credentials in Files 22.7% Kerberoasting 20.5% Brute Force 15.9% Network Sniffing 11.4% Input Capture 9.1% Account Manipulation 4.5% Exploitation of Credential Access 2.3% Private Keys 2.3% Forced Authentication 2.3% Credentials in Registry 2.3% Bash History Discovery 63.6% Account Discovery 50.0% Network Service Scanning 47.7% File & Directory Discovery 45.5% Network Share Discovery 43.2% Remote System Discovery 40.9% Process Discovery 31.8% Password Policy Discovery 27.3% System Owner/User Discovery 27.3% Permission Groups Discovery 18.2% System Service Discovery 18.2% Security Software Discovery 13.6% System Information Discovery 11.4% System Network Configuration Discovery 4.5% System Time Discovery 4.5% System Network Connections Discovery 4.5% Query Registry 2.3% Peripheral Device Discovery Lateral Movement 61.4% Pass the Hash 52.3% Remote Desktop Protocol 22.7% Windows Admin Shares 22.7% Remote Services 13.6% Exploitation of Remote Services 9.1% Pass the Ticket 2.3% Remote File Copy 2.3% Distributed Component Object Model Collection 47.7% Screen Capture 45.5% Data from Local System 36.4% Data from Network Shared Drive 22.7% Automated Collection 11.4% Man in the Browser 11.4% Input Capture 2.3% Email Collection 2.3% Data from Information Repositories 2.3% Clipboard Data Command & Control 54.5% Commonly Used Port 20.5% Data Encoding 18.2% Remote Access Tools 18.2% Connection Proxy 11.4% Standard Application Layer Protocol 9.1% Data Obfuscation 9.1% Custom Command & Control Protocol 4.5% Standard Cryptographic Protocol 2.3% Remote File Copy 2.3% Multi-hop Proxy Exfiltration 18.2% Scheduled Transfer 13.6% Exfiltration over Command & Control Channel 11.4% Data Encrypted 4.5% Data Compressed 4.5% Automated Exfiltration MITIGATIONS FOR TOP TECHNIQUES The top ten mitigations shown here are widely effective across the top techniques.* *Top techniques and mitigations vary by sector and environment. Organizations should consider additional attack vectors and mitigation strategies based on their unique environment. User Training M1017 Train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spear- phishing and social engineering. User Account Management M1018 Manage the creation, modification, use, and permissions associated to user accounts. Privileged Account Management M1026 Manage the creation, modification, use, and permissions associated to privileged accounts, including SYSTEM and root. Password Policies M1027 Set and enforce secure password policies for accounts. Operating System Configuration M1028 Make configuration changes to the operating system that result in system hardening against techniques. Network Segmentation M1030 Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to sensitive systems and information. Network Intrusion Prevention M1031 Use intrusion detection signatures to block traffic at network boundaries. Multi-factor Authentication M1032 Use two or more pieces of evidence to authenticate to a system. Filter Network Traffic M1037 Use network appliances to filter ingress or egress traffic and perform protocol- based filtering. Disable or Remove Feature or Program M1042 Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries. Audit M1047 Perform audits or scans of systems, permissions, software, configurations, etc. to identify potential weaknesses. This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK frameworks. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. For more information about CISA assessment services, please visit https://www.cisa.gov/

Recommended

Solvit identity is the new perimeter
Solvit identity is the new perimeterSolvit identity is the new perimeter
Solvit identity is the new perimeter
S.E. CTS CERT-GOV-MD
 
MITRE_ATTACK_Enterprise_11x17.pdf
MITRE_ATTACK_Enterprise_11x17.pdfMITRE_ATTACK_Enterprise_11x17.pdf
MITRE_ATTACK_Enterprise_11x17.pdf
AisyiFree
 
(SACON) Wasim Halani & Arpan Raval - Practical Threat Hunting - Developing an...
(SACON) Wasim Halani & Arpan Raval - Practical Threat Hunting - Developing an...(SACON) Wasim Halani & Arpan Raval - Practical Threat Hunting - Developing an...
(SACON) Wasim Halani & Arpan Raval - Practical Threat Hunting - Developing an...
Priyanka Aash
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Adam Pennington
 
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Robert Brandel
 
HIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best PracticesHIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best Practices
Hostway|HOSTING
 
Network security, seriously?
Network security, seriously?Network security, seriously?
Network security, seriously?
Peter Wood
 
Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data
Enterprise Management Associates
 

Recommended

Solvit identity is the new perimeter
Solvit identity is the new perimeterSolvit identity is the new perimeter
Solvit identity is the new perimeter
S.E. CTS CERT-GOV-MD
 
MITRE_ATTACK_Enterprise_11x17.pdf
MITRE_ATTACK_Enterprise_11x17.pdfMITRE_ATTACK_Enterprise_11x17.pdf
MITRE_ATTACK_Enterprise_11x17.pdf
AisyiFree
 
(SACON) Wasim Halani & Arpan Raval - Practical Threat Hunting - Developing an...
(SACON) Wasim Halani & Arpan Raval - Practical Threat Hunting - Developing an...(SACON) Wasim Halani & Arpan Raval - Practical Threat Hunting - Developing an...
(SACON) Wasim Halani & Arpan Raval - Practical Threat Hunting - Developing an...
Priyanka Aash
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Adam Pennington
 
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Robert Brandel
 
HIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best PracticesHIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best Practices
Hostway|HOSTING
 
Network security, seriously?
Network security, seriously?Network security, seriously?
Network security, seriously?
Peter Wood
 
Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data Threat Detection Algorithms Make Big Data into Better Data
Threat Detection Algorithms Make Big Data into Better Data
Enterprise Management Associates
 
Uac sales pres_20_apr09-2
Uac sales pres_20_apr09-2Uac sales pres_20_apr09-2
Uac sales pres_20_apr09-2
lousifers
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshop
Arpan Raval
 
2.1 Web Vulnerabilities.pptx
2.1 Web Vulnerabilities.pptx2.1 Web Vulnerabilities.pptx
2.1 Web Vulnerabilities.pptx
MiteshVyas16
 
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation PlansEvolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Christopher Korban
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEM
Iftikhar Ali Iqbal
 
#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration
Alert Logic
 
Update from the MITRE ATT&CK Team
Update from the MITRE ATT&CK TeamUpdate from the MITRE ATT&CK Team
Update from the MITRE ATT&CK Team
Adam Pennington
 
3 steps to 4x the risk coverage of CA ControlMinder
3 steps to 4x the risk coverage of CA ControlMinder3 steps to 4x the risk coverage of CA ControlMinder
3 steps to 4x the risk coverage of CA ControlMinder
ObserveIT
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
Jim Kaplan CIA CFE
 
Security For Application Development
Security For Application DevelopmentSecurity For Application Development
Security For Application Development
6502programmer
 
System Z Mainframe Security For An Enterprise
System Z Mainframe Security For An EnterpriseSystem Z Mainframe Security For An Enterprise
System Z Mainframe Security For An Enterprise
Jim Porell
 
Security and-visibility
Security and-visibilitySecurity and-visibility
Security and-visibility
edwardstudyemai
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
NetworkCollaborators
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics
NetworkCollaborators
 
Intellinx.z watch
Intellinx.z watchIntellinx.z watch
Intellinx.z watch
Jim Porell
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
Tom K
 
Data erasure's role in limiting cyber attacks
Data erasure's role in limiting cyber attacksData erasure's role in limiting cyber attacks
Data erasure's role in limiting cyber attacks
Blancco
 
BMC IT Service Management- The Cloudaction.pptx
BMC IT Service Management- The Cloudaction.pptxBMC IT Service Management- The Cloudaction.pptx
BMC IT Service Management- The Cloudaction.pptx
Cloudaction
 
Observe it v67 webinar v5
Observe it v67 webinar v5Observe it v67 webinar v5
Observe it v67 webinar v5
ObserveIT
 
XG Firewall
XG FirewallXG Firewall
XG Firewall
DeServ - Tecnologia e Servços
 
mechso.pptxhhdhf;ldhfwi;fh;ihw;ieh;ihhi;woh;h
mechso.pptxhhdhf;ldhfwi;fh;ihw;ieh;ihhi;woh;hmechso.pptxhhdhf;ldhfwi;fh;ihw;ieh;ihhi;woh;h
mechso.pptxhhdhf;ldhfwi;fh;ihw;ieh;ihhi;woh;h
sikandar girgoukar
 
powder meturllargyvhhadbsbd.bsbd.ksabjb.a
powder meturllargyvhhadbsbd.bsbd.ksabjb.apowder meturllargyvhhadbsbd.bsbd.ksabjb.a
powder meturllargyvhhadbsbd.bsbd.ksabjb.a
sikandar girgoukar
 

More Related Content

Similar to FY19_RVAs_Mapped_to_the_MITRE_ATTCK_Framework_508.pdf

Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
Jim Kaplan CIA CFE
 
Data erasure's role in limiting cyber attacks
Data erasure's role in limiting cyber attacksData erasure's role in limiting cyber attacks
Data erasure's role in limiting cyber attacks
Blancco
 
Observe it v67 webinar v5
Observe it v67 webinar v5Observe it v67 webinar v5
Observe it v67 webinar v5
ObserveIT
 

Similar to FY19_RVAs_Mapped_to_the_MITRE_ATTCK_Framework_508.pdf (20)

Uac sales pres_20_apr09-2
Uac sales pres_20_apr09-2Uac sales pres_20_apr09-2
Uac sales pres_20_apr09-2
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshop
 
2.1 Web Vulnerabilities.pptx
2.1 Web Vulnerabilities.pptx2.1 Web Vulnerabilities.pptx
2.1 Web Vulnerabilities.pptx
 
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation PlansEvolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEM
 
#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration
 
Update from the MITRE ATT&CK Team
Update from the MITRE ATT&CK TeamUpdate from the MITRE ATT&CK Team
Update from the MITRE ATT&CK Team
 
3 steps to 4x the risk coverage of CA ControlMinder
3 steps to 4x the risk coverage of CA ControlMinder3 steps to 4x the risk coverage of CA ControlMinder
3 steps to 4x the risk coverage of CA ControlMinder
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
Security For Application Development
Security For Application DevelopmentSecurity For Application Development
Security For Application Development
 
System Z Mainframe Security For An Enterprise
System Z Mainframe Security For An EnterpriseSystem Z Mainframe Security For An Enterprise
System Z Mainframe Security For An Enterprise
 
Security and-visibility
Security and-visibilitySecurity and-visibility
Security and-visibility
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics
 
Intellinx.z watch
Intellinx.z watchIntellinx.z watch
Intellinx.z watch
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
 
Data erasure's role in limiting cyber attacks
Data erasure's role in limiting cyber attacksData erasure's role in limiting cyber attacks
Data erasure's role in limiting cyber attacks
 
BMC IT Service Management- The Cloudaction.pptx
BMC IT Service Management- The Cloudaction.pptxBMC IT Service Management- The Cloudaction.pptx
BMC IT Service Management- The Cloudaction.pptx
 
Observe it v67 webinar v5
Observe it v67 webinar v5Observe it v67 webinar v5
Observe it v67 webinar v5
 
XG Firewall
XG FirewallXG Firewall
XG Firewall
 

More from sikandar girgoukar

mechso.pptxhhdhf;ldhfwi;fh;ihw;ieh;ihhi;woh;h
mechso.pptxhhdhf;ldhfwi;fh;ihw;ieh;ihhi;woh;hmechso.pptxhhdhf;ldhfwi;fh;ihw;ieh;ihhi;woh;h
mechso.pptxhhdhf;ldhfwi;fh;ihw;ieh;ihhi;woh;h
sikandar girgoukar
 
Engineering process in detail with block diagram and explanation
Engineering process in detail with block diagram and explanationEngineering process in detail with block diagram and explanation
Engineering process in detail with block diagram and explanation
sikandar girgoukar
 
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
sikandar girgoukar
 
ISO27k ISMS Mandatory documentation checklist release 1v1 (2).docx
ISO27k ISMS Mandatory documentation checklist release 1v1 (2).docxISO27k ISMS Mandatory documentation checklist release 1v1 (2).docx
ISO27k ISMS Mandatory documentation checklist release 1v1 (2).docx
sikandar girgoukar
 

More from sikandar girgoukar (9)

mechso.pptxhhdhf;ldhfwi;fh;ihw;ieh;ihhi;woh;h
mechso.pptxhhdhf;ldhfwi;fh;ihw;ieh;ihhi;woh;hmechso.pptxhhdhf;ldhfwi;fh;ihw;ieh;ihhi;woh;h
mechso.pptxhhdhf;ldhfwi;fh;ihw;ieh;ihhi;woh;h
 
powder meturllargyvhhadbsbd.bsbd.ksabjb.a
powder meturllargyvhhadbsbd.bsbd.ksabjb.apowder meturllargyvhhadbsbd.bsbd.ksabjb.a
powder meturllargyvhhadbsbd.bsbd.ksabjb.a
 
new pptbjkjjhhdkjhhjhjhhjhjhbjbaddsad.pptx
new pptbjkjjhhdkjhhjhjhhjhjhbjbaddsad.pptxnew pptbjkjjhhdkjhhjhjhhjhjhbjbaddsad.pptx
new pptbjkjjhhdkjhhjhjhhjhjhbjbaddsad.pptx
 
Engineering process in detail with block diagram and explanation
Engineering process in detail with block diagram and explanationEngineering process in detail with block diagram and explanation
Engineering process in detail with block diagram and explanation
 
Information security policy and topic-sp
Information security policy and topic-spInformation security policy and topic-sp
Information security policy and topic-sp
 
Domestic Violence.pptx
Domestic Violence.pptxDomestic Violence.pptx
Domestic Violence.pptx
 
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
2211-III-IV-Info-Security-061cab6ee6c0fb0-53969879.ppt
 
prompt.pptx
prompt.pptxprompt.pptx
prompt.pptx
 
ISO27k ISMS Mandatory documentation checklist release 1v1 (2).docx
ISO27k ISMS Mandatory documentation checklist release 1v1 (2).docxISO27k ISMS Mandatory documentation checklist release 1v1 (2).docx
ISO27k ISMS Mandatory documentation checklist release 1v1 (2).docx
 

Recently uploaded

ELECTRICITÉ TMT 55.pdf electrick diagram manitout
ELECTRICITÉ TMT 55.pdf electrick diagram manitoutELECTRICITÉ TMT 55.pdf electrick diagram manitout
ELECTRICITÉ TMT 55.pdf electrick diagram manitout
ssjews46
 
Vip Hot Call Girls 🫤 Mahipalpur ➡️ 9711199171 ➡️ Delhi 🫦 Whatsapp Number
Vip Hot Call Girls 🫤 Mahipalpur ➡️ 9711199171 ➡️ Delhi 🫦 Whatsapp NumberVip Hot Call Girls 🫤 Mahipalpur ➡️ 9711199171 ➡️ Delhi 🫦 Whatsapp Number
Vip Hot Call Girls 🫤 Mahipalpur ➡️ 9711199171 ➡️ Delhi 🫦 Whatsapp Number
kumarajju5765
 
Call Girls Kadugodi Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Kadugodi Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Kadugodi Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Kadugodi Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
amitlee9823
 
Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...
Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...
Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...
Delhi Call girls
 
如何办理麦考瑞大学毕业证(MQU毕业证书)成绩单原版一比一
如何办理麦考瑞大学毕业证(MQU毕业证书)成绩单原版一比一如何办理麦考瑞大学毕业证(MQU毕业证书)成绩单原版一比一
如何办理麦考瑞大学毕业证(MQU毕业证书)成绩单原版一比一
ozave
 
Top Rated Call Girls South Mumbai : 9920725232 We offer Beautiful and sexy Ca...
Top Rated Call Girls South Mumbai : 9920725232 We offer Beautiful and sexy Ca...Top Rated Call Girls South Mumbai : 9920725232 We offer Beautiful and sexy Ca...
Top Rated Call Girls South Mumbai : 9920725232 We offer Beautiful and sexy Ca...
amitlee9823
 
Call Girls in Patel Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Patel Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Patel Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Patel Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Majestic Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore Es...
Majestic Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore Es...Majestic Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore Es...
Majestic Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore Es...
amitlee9823
 
Sales & Marketing Alignment_ How to Synergize for Success.pptx.pdf
Sales & Marketing Alignment_ How to Synergize for Success.pptx.pdfSales & Marketing Alignment_ How to Synergize for Success.pptx.pdf
Sales & Marketing Alignment_ How to Synergize for Success.pptx.pdf
Aggregage
 
Bangalore Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore E...
Bangalore Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore E...Bangalore Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore E...
Bangalore Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore E...
amitlee9823
 
➥🔝 7737669865 🔝▻ narsinghpur Call-girls in Women Seeking Men 🔝narsinghpur🔝 ...
➥🔝 7737669865 🔝▻ narsinghpur Call-girls in Women Seeking Men 🔝narsinghpur🔝 ...➥🔝 7737669865 🔝▻ narsinghpur Call-girls in Women Seeking Men 🔝narsinghpur🔝 ...
➥🔝 7737669865 🔝▻ narsinghpur Call-girls in Women Seeking Men 🔝narsinghpur🔝 ...
nirzagarg
 
Vip Mumbai Call Girls Navi Mumbai Call On 9920725232 With Body to body massag...
Vip Mumbai Call Girls Navi Mumbai Call On 9920725232 With Body to body massag...Vip Mumbai Call Girls Navi Mumbai Call On 9920725232 With Body to body massag...
Vip Mumbai Call Girls Navi Mumbai Call On 9920725232 With Body to body massag...
amitlee9823
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN ABUDHABI,DUBAI MA...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN ABUDHABI,DUBAI MA...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN ABUDHABI,DUBAI MA...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN ABUDHABI,DUBAI MA...
Health
 
Call Girls In Kotla Mubarakpur Delhi ❤️8448577510 ⊹Best Escorts Service In 24...
Call Girls In Kotla Mubarakpur Delhi ❤️8448577510 ⊹Best Escorts Service In 24...Call Girls In Kotla Mubarakpur Delhi ❤️8448577510 ⊹Best Escorts Service In 24...
Call Girls In Kotla Mubarakpur Delhi ❤️8448577510 ⊹Best Escorts Service In 24...
lizamodels9
 
Escorts Service Rajajinagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Rajajinagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)Escorts Service Rajajinagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Rajajinagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
amitlee9823
 
(ISHITA) Call Girls Service Jammu Call Now 8617697112 Jammu Escorts 24x7
(ISHITA) Call Girls Service Jammu Call Now 8617697112 Jammu Escorts 24x7(ISHITA) Call Girls Service Jammu Call Now 8617697112 Jammu Escorts 24x7
(ISHITA) Call Girls Service Jammu Call Now 8617697112 Jammu Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Tata_Nexon_brochure tata nexon brochure tata
Tata_Nexon_brochure tata nexon brochure tataTata_Nexon_brochure tata nexon brochure tata
Tata_Nexon_brochure tata nexon brochure tata
aritradey27234
 

Recently uploaded (20)

ELECTRICITÉ TMT 55.pdf electrick diagram manitout
ELECTRICITÉ TMT 55.pdf electrick diagram manitoutELECTRICITÉ TMT 55.pdf electrick diagram manitout
ELECTRICITÉ TMT 55.pdf electrick diagram manitout
 
Vip Hot Call Girls 🫤 Mahipalpur ➡️ 9711199171 ➡️ Delhi 🫦 Whatsapp Number
Vip Hot Call Girls 🫤 Mahipalpur ➡️ 9711199171 ➡️ Delhi 🫦 Whatsapp NumberVip Hot Call Girls 🫤 Mahipalpur ➡️ 9711199171 ➡️ Delhi 🫦 Whatsapp Number
Vip Hot Call Girls 🫤 Mahipalpur ➡️ 9711199171 ➡️ Delhi 🫦 Whatsapp Number
 
Call Girls Kadugodi Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Kadugodi Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Kadugodi Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Kadugodi Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...
Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...
Call Girls in Malviya Nagar Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts Ser...
 
如何办理麦考瑞大学毕业证(MQU毕业证书)成绩单原版一比一
如何办理麦考瑞大学毕业证(MQU毕业证书)成绩单原版一比一如何办理麦考瑞大学毕业证(MQU毕业证书)成绩单原版一比一
如何办理麦考瑞大学毕业证(MQU毕业证书)成绩单原版一比一
 
John deere 425 445 455 Maitenance Manual
John deere 425 445 455 Maitenance ManualJohn deere 425 445 455 Maitenance Manual
John deere 425 445 455 Maitenance Manual
 
Top Rated Call Girls South Mumbai : 9920725232 We offer Beautiful and sexy Ca...
Top Rated Call Girls South Mumbai : 9920725232 We offer Beautiful and sexy Ca...Top Rated Call Girls South Mumbai : 9920725232 We offer Beautiful and sexy Ca...
Top Rated Call Girls South Mumbai : 9920725232 We offer Beautiful and sexy Ca...
 
Is Your BMW PDC Malfunctioning Discover How to Easily Reset It
Is Your BMW PDC Malfunctioning Discover How to Easily Reset ItIs Your BMW PDC Malfunctioning Discover How to Easily Reset It
Is Your BMW PDC Malfunctioning Discover How to Easily Reset It
 
John Deere 7430 7530 Tractors Diagnostic Service Manual W.pdf
John Deere 7430 7530 Tractors Diagnostic Service Manual W.pdfJohn Deere 7430 7530 Tractors Diagnostic Service Manual W.pdf
John Deere 7430 7530 Tractors Diagnostic Service Manual W.pdf
 
Call Girls in Patel Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Patel Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Patel Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Patel Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Majestic Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore Es...
Majestic Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore Es...Majestic Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore Es...
Majestic Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore Es...
 
Sales & Marketing Alignment_ How to Synergize for Success.pptx.pdf
Sales & Marketing Alignment_ How to Synergize for Success.pptx.pdfSales & Marketing Alignment_ How to Synergize for Success.pptx.pdf
Sales & Marketing Alignment_ How to Synergize for Success.pptx.pdf
 
Bangalore Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore E...
Bangalore Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore E...Bangalore Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore E...
Bangalore Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore E...
 
➥🔝 7737669865 🔝▻ narsinghpur Call-girls in Women Seeking Men 🔝narsinghpur🔝 ...
➥🔝 7737669865 🔝▻ narsinghpur Call-girls in Women Seeking Men 🔝narsinghpur🔝 ...➥🔝 7737669865 🔝▻ narsinghpur Call-girls in Women Seeking Men 🔝narsinghpur🔝 ...
➥🔝 7737669865 🔝▻ narsinghpur Call-girls in Women Seeking Men 🔝narsinghpur🔝 ...
 
Vip Mumbai Call Girls Navi Mumbai Call On 9920725232 With Body to body massag...
Vip Mumbai Call Girls Navi Mumbai Call On 9920725232 With Body to body massag...Vip Mumbai Call Girls Navi Mumbai Call On 9920725232 With Body to body massag...
Vip Mumbai Call Girls Navi Mumbai Call On 9920725232 With Body to body massag...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN ABUDHABI,DUBAI MA...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN ABUDHABI,DUBAI MA...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN ABUDHABI,DUBAI MA...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN ABUDHABI,DUBAI MA...
 
Call Girls In Kotla Mubarakpur Delhi ❤️8448577510 ⊹Best Escorts Service In 24...
Call Girls In Kotla Mubarakpur Delhi ❤️8448577510 ⊹Best Escorts Service In 24...Call Girls In Kotla Mubarakpur Delhi ❤️8448577510 ⊹Best Escorts Service In 24...
Call Girls In Kotla Mubarakpur Delhi ❤️8448577510 ⊹Best Escorts Service In 24...
 
Escorts Service Rajajinagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Rajajinagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)Escorts Service Rajajinagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
Escorts Service Rajajinagar ☎ 7737669865☎ Book Your One night Stand (Bangalore)
 
(ISHITA) Call Girls Service Jammu Call Now 8617697112 Jammu Escorts 24x7
(ISHITA) Call Girls Service Jammu Call Now 8617697112 Jammu Escorts 24x7(ISHITA) Call Girls Service Jammu Call Now 8617697112 Jammu Escorts 24x7
(ISHITA) Call Girls Service Jammu Call Now 8617697112 Jammu Escorts 24x7
 
Tata_Nexon_brochure tata nexon brochure tata
Tata_Nexon_brochure tata nexon brochure tataTata_Nexon_brochure tata nexon brochure tata
Tata_Nexon_brochure tata nexon brochure tata
 

FY19_RVAs_Mapped_to_the_MITRE_ATTCK_Framework_508.pdf

  • 1. TLP:WHITE RIS AND K VULNERABILITY ASSESSMENT (RVA) MAPPED TO THE MITRE ATT&CK® FRAMEWORK FISCAL YEAR 2019 (FY19) TLP:WHITE Risk and Vulnerability Assessment: Upon request, CISA can identify vulnerabilities that adversaries could potentially exploit to compromise security controls. We collect data in an on-site assessment and combine it with national threat information to provide customers with a tailored risk analysis report. + HOW WE LATERAL AND ESCALATE Initial Access » Spearphishing Link and MSHTA Execution » PowerShell Defense Evasion » Process Injection and MSHTA Command & Control » Commonly Used Port Attack Path 1: Gone Phishin’ Attack Path 2: You’ve Poisoned My LLMNR Credential Access » LLMNR/NBT-NS Poisoning and Relay Brute Force Discovery » Network Sniffing Attack Path 3: The Ol’ Discover & Dump Discovery » Permissions Group Discovery System Owner/User Discovery Execution » Windows Management Instrumentation Persistence/ » Valid Accounts Defense Evasion/ Privilege Escalation Attack Path 4: I Like My Kerberos Well-Done Initial Access » Kerberoasting Brute Force Persistence/ » Valid Accounts Defense Evasion/ Privilege Escalation Attack Path 5: Is That a Cleartext Password or SSH Key, I See? Credential Access » Credentials in Files Bash History Private Keys Valid Accounts Persistence/ » Valid Accounts Defense Evasion/ Privilege Escalation FY19 RVA RESULTS MITRE ATT&CK Tactics and Techniques The percent noted for each technique represents the success rate for that technique across all RVAs. For example, spearphishing link was used to gain initial access in 45.5% of the FY19 RVAs. 44 Total Number of Assessments Initial Access 45.5% Spearphishing Link 4.5% Exploit Public-Facing Application 2.3% Spearphishing Attachment Execution 70.5% PowerShell 63.6% Command-Line Interface 45.5% MSHTA 45.5% Service Execution 43.2% Windows Management Instrumentation 18.2% Graphical User Interface 11.4% Scripting 9.1% User Execution 9.1% Exploitation for Client Execution 2.3% Execution through API Persistence 25.0% Valid Accounts 9.1% New Service 4.5% Create Account 2.3% Windows Management Instrumentation Event Subscription 2.3% Registry Run Keys/Startup Folder 2.3% Launch Agent Privilege Escalation 25.0% Valid Accounts 20.5% Exploitation for Privilege Escalation 20.5% Access Token Manipulation 15.9% Process Injection 9.1% New Service 9.1% Bypass User Account Control 2.3% Sudo 2.3% Exploitation of Vulnerability Defense Evasion 45.5% MSHTA 36.4% Process Hollowing 25.0% Valid Accounts 20.5% Access Token Manipulation 15.9% Process Injection 11.4% Scripting 11.4% Obfuscated Files or Information 9.1% Bypass User Account Control 6.8% Indicator Removal from Tools 6.8% Hidden Window 6.8% File Deletion 4.5% Masquerading 4.5% DLL Side-Loading 2.3% Process Dopplegänging 2.3% Disabling Security Tools Credential Access 88.6% Credential Dumping 68.2% LLMNR/NBT-NS Poisoning 38.6% Credentials in Files 22.7% Kerberoasting 20.5% Brute Force 15.9% Network Sniffing 11.4% Input Capture 9.1% Account Manipulation 4.5% Exploitation of Credential Access 2.3% Private Keys 2.3% Forced Authentication 2.3% Credentials in Registry 2.3% Bash History Discovery 63.6% Account Discovery 50.0% Network Service Scanning 47.7% File & Directory Discovery 45.5% Network Share Discovery 43.2% Remote System Discovery 40.9% Process Discovery 31.8% Password Policy Discovery 27.3% System Owner/User Discovery 27.3% Permission Groups Discovery 18.2% System Service Discovery 18.2% Security Software Discovery 13.6% System Information Discovery 11.4% System Network Configuration Discovery 4.5% System Time Discovery 4.5% System Network Connections Discovery 4.5% Query Registry 2.3% Peripheral Device Discovery Lateral Movement 61.4% Pass the Hash 52.3% Remote Desktop Protocol 22.7% Windows Admin Shares 22.7% Remote Services 13.6% Exploitation of Remote Services 9.1% Pass the Ticket 2.3% Remote File Copy 2.3% Distributed Component Object Model Collection 47.7% Screen Capture 45.5% Data from Local System 36.4% Data from Network Shared Drive 22.7% Automated Collection 11.4% Man in the Browser 11.4% Input Capture 2.3% Email Collection 2.3% Data from Information Repositories 2.3% Clipboard Data Command & Control 54.5% Commonly Used Port 20.5% Data Encoding 18.2% Remote Access Tools 18.2% Connection Proxy 11.4% Standard Application Layer Protocol 9.1% Data Obfuscation 9.1% Custom Command & Control Protocol 4.5% Standard Cryptographic Protocol 2.3% Remote File Copy 2.3% Multi-hop Proxy Exfiltration 18.2% Scheduled Transfer 13.6% Exfiltration over Command & Control Channel 11.4% Data Encrypted 4.5% Data Compressed 4.5% Automated Exfiltration MITIGATIONS FOR TOP TECHNIQUES The top ten mitigations shown here are widely effective across the top techniques.* *Top techniques and mitigations vary by sector and environment. Organizations should consider additional attack vectors and mitigation strategies based on their unique environment. User Training M1017 Train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spear- phishing and social engineering. User Account Management M1018 Manage the creation, modification, use, and permissions associated to user accounts. Privileged Account Management M1026 Manage the creation, modification, use, and permissions associated to privileged accounts, including SYSTEM and root. Password Policies M1027 Set and enforce secure password policies for accounts. Operating System Configuration M1028 Make configuration changes to the operating system that result in system hardening against techniques. Network Segmentation M1030 Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to sensitive systems and information. Network Intrusion Prevention M1031 Use intrusion detection signatures to block traffic at network boundaries. Multi-factor Authentication M1032 Use two or more pieces of evidence to authenticate to a system. Filter Network Traffic M1037 Use network appliances to filter ingress or egress traffic and perform protocol- based filtering. Disable or Remove Feature or Program M1042 Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries. Audit M1047 Perform audits or scans of systems, permissions, software, configurations, etc. to identify potential weaknesses. This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK frameworks. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. For more information about CISA assessment services, please visit https://www.cisa.gov/