"CISA: Most Cyberattacks on Governments, Critical Infrastructure Involve Valid Credentials"
According to a new report from the US Cybersecurity and Infrastructure Security Agency (CISA), more than half of all cyberattacks against government agencies, critical infrastructure organizations, and state-level government bodies involved legitimate accounts. CISA collaborated with the US Coast Guard (USCG) in 2022 to conduct 121 Risk and Vulnerability Assessments (RVAs) on federal civilian agencies, high-priority private and public sector critical infrastructure operators, and select state, local, tribal, and territorial stakeholders. According to Gabriel Davis, a federal lead for risk operations at CISA, these assessments are designed to test an organization's defenses and allow the government to explore how they would respond to a sophisticated attack. They also provide CISA with information about how hackers operate. A new report of their findings reveals that threat actors conducted their most successful attacks using standard techniques involving phishing and default credentials. In 54 percent of successful attacks studied, valid credentials, including those from former employee accounts that have not been disabled in addition to default administrator accounts, were used. This article continues to discuss key findings from the RVAs.