CISA outlined a six-step attack method in a paper released last week, including initial access, command and control (C&C), lateral movement, privilege escalation, collection, and exfiltration. Data was mostly collected from the local system (32% of attacks) and exfiltrated via the C&C channel (in 68 percent of cases). “As a result, network defenders must focus their efforts on deploying the plethora of known-to-be-effective mitigation measures,” according to CISA. Phishing and the use of default credentials were still viable methods of attack. The Risk and Vulnerability Assessments (RVAs) were designed to assess the effectiveness of Federal Civilian Executive Branch (FCEB), Critical Infrastructure (CI), and State, Local, Tribal, and Territorial (SLTT) stakeholders in identifying and resolving network vulnerabilities. “These methods, on the other hand, help to highlight some of the more successful attack techniques used during RVAs, as well as the effects these strategies have had on a target network,” according to CISA. The FY20 RVA report from CISA also includes recommendations for improving overall security posture, such as application whitelisting, disabling macros, identifying and addressing vulnerabilities in public-facing and internal applications, enforcing strong email security, reviewing user and application privilege levels, using proxies, monitoring network traffic, and blocking phishing attacks. In its analysis, CISA found that phishing links were used successfully for initial access in 49 percent of attacks, network protocols were used for command and control in 42 percent of RVAs, and pass the hash was used for lateral movement in around 30% of attacks (followed by RDP in 25 percent of incidents).
The RVAs revealed that phishing links were the most successful technique for initial access. Valid accounts were used for privilege escalation in 37.5 percent of “attacks.” These methods are broadly based on threat actors’ ATT&CK tactics. “Not all attack vectors follow this model, and this approach does not cover all possible steps taken by malicious actors.” Phishing attachments, exploitation of web-facing applications, credential dumping, account discovery, WMI, Mshta, and the use of archives for data exfiltration were all successful in numerous cases. CISA conducted 37 RVAs, using the MITRE ATT&CK framework to better identify risks and help enterprises address vulnerabilities that threat actors could use in live attacks to breach network security controls. This shows that the methods used to breach much of our infrastructure have remained largely the same over time. “Several high-level findings were identified after conducting trend analysis on the 37 RVA reports completed by CISA.”