[CDP-development] CISA, USCG Publish Analysis Report on Findings During 2022 Risk and Vulnerability Assessments

Masse, Theresa theresa.masse at cisa.dhs.gov
Wed Jul 26 07:04:56 PDT 2023 

FYSA


As the Nation's cyber defense agency, the Cybersecurity and Infrastructure Security Agency (CISA) and U.S. Coast Guard Cyber Command (CGCYBER) published an analysis report<https://www.cisa.gov/sites/default/files/2023-07/FY22-RVA-Analysis%20-%20Final_508c.pdf> on their findings during 121 Risk and Vulnerability Assessments (RVAs) collectively conducted across multiple critical infrastructure sectors in 2022. This report analyzes a sample attack path cyber threat actors could leverage to compromise an organization using weaknesses identified in the FY22 RVAs.

In the FY22 RVA Analysis Report<https://www.cisa.gov/sites/default/files/2023-07/FY22-RVA-Analysis%20-%20Final_508c.pdf>, valid accounts are identified as the most prominent, successful technique used across multiple adversarial tactics during the assessments, to include initial access and lateral movement. To guard against an actual attempt by a malicious actor to successfully use valid accounts technique, critical infrastructure entities must implement strong password policies, such as phishing-resistant multifactor authentication (MFA), and monitor access logs and network communication logs to detect abnormal access.

The other adversarial techniques identified during RVAs in 2022 and previous years continue to persist, such as susceptibility to successful spearphishing, PowerShell and remote desktop protocol (RDP) exploitation, and process injection (i.e., injecting malicious code into a legitimate process), keylogging. We are seeing that more organizations are reducing their risk and mitigate vulnerabilities identified in our annual analysis reports, however, we recognize there is more we can do to help even more organizations protect their networks and systems, to include target-rich, resource-poor entities.

The goal of RVA analysis report and associated infographic<https://www.cisa.gov/sites/default/files/2023-07/FY22%20RVA%20Infographic_508c.pdf> is to help all organizations develop effective strategies that positively impact and improve their security posture.



Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image001.png at 01D9BF8F.6972CCA0]



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20230726/47de2464/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 16152 bytes
Desc: image001.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20230726/47de2464/attachment-0001.png>

More information about the CDP-development mailing list