CISA has released an analysis and infographic detailing the findings from the 121 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2023 (FY23).

The analysis details a sample attack path including tactics and steps a cyber threat actor could follow to compromise an organization with weaknesses representative of those CISA observed in FY23 RVAs. The infographic highlights the most successful techniques for each tactic that RVAs documented. Both the analysis and infographic map threat actor behavior to the MITRE ATT&CK® framework.

CISA encourages network defenders to review the analysis and infographic and apply the recommended mitigations to protect against the observed tactics and techniques.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Google: apparent Russian hackers play copycat to commercial spyware vendors

August 29, 2024 0 Comments 0 tags

When experts on spyware outline the dangers of that snooping technology, they often note how vendors can put tools in the hands of their customers that are nearly as sophisticated

Read More

#BHUSA: CISA Director Confident in US Election Security

August 8, 2024 0 Comments 0 tags

CISA Director Jen Easterly expressed strong confidence in the integrity of US election, despite ongoing cybersecurity threats to democratic processes

Read More

Picketed at work, confronted at church: Why election workers have left the job

June 20, 2024 0 Comments 0 tags

Over the course of 20 years as an election administrator in Shasta County, Calif., Cathy Darling Allen oversaw nearly a dozen national election cycles and countless local races. In February,

Read More