The RVAs found that phishing links were the most successful technique for initial access. They were designed to assess how effectively Federal Civilian Executive Branch (FCEB), Critical Infrastructure (CI), and State, Local, Tribal, and Territorial (SLTT) stakeholders identify and resolve network vulnerabilities. CISA conducted 37 RVAs, using the MITRE ATT&CK framework to identify risks and help organizations address vulnerabilities that threat actors could use in an attack to breach network security controls. CISA laid out a six-step attack path in a paper released last week, consisting of initial access, command and control (C&C), lateral movement, privilege escalation, collection, and exfiltration. These steps are broadly based on threat actors' ATT&CK tactics. "Not all attack vectors follow this model, and this approach does not address all possible steps taken by malicious actors. These phases, on the other hand, serve to highlight some of the more successful attack techniques used during RVAs, as well as the effect these strategies have had on a target network," according to CISA. In its analysis, CISA found that phishing links were used successfully for initial access in 49 percent of attacks, network protocols were used for command and control in 42 percent of RVAs, and pass the hash was used for lateral movement in around 30% of attacks (followed by RDP in 25 percent of incidents). Valid accounts were used for privilege escalation in 37.5 percent of "attacks." Data was mostly collected from local systems (32% of attacks) and exfiltrated via the C&C channel (in 68 percent of cases). Phishing attachments, exploitation of web-facing applications, credential dumping, account discovery, WMI, Mshta, and the use of archives for data exfiltration were all successful in numerous cases.
The FY20 RVA report from CISA also includes recommendations for improving overall security posture, such as application whitelisting, disabling macros, identifying and addressing vulnerabilities in public-facing and internal applications, implementing strong email security measures, reviewing user and application privilege levels, using proxies, monitoring network traffic, and preventing phishing attacks. "Several high-level findings were identified after conducting trend analysis on the 37 RVA reports completed by CISA. Phishing and the use of default credentials were still viable methods of attack. This shows that the methods used to breach much of our infrastructure have remained largely the same over time. As a result, network defenders must focus their efforts on deploying the plethora of known-to-be-effective mitigation measures," according to CISA.