The Cybersecurity and Infrastructure Security Agency (CISA) published a Cybersecurity Advisory (CSA) detailing tactics, techniques, and procedures (TTPs) and key findings from a 2022 assessment to provide proactive steps to reduce the threat from malicious cyber actors.
The advisory, "CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks," highlights the importance for all organizations of collecting and monitoring logs for unusual activity, as well as of continuous testing and exercises, to ensure their environment is not vulnerable to compromise, regardless of its cybersecurity maturity level.
During the assessment, CISA’s red team emulated cyber threat actors to assess the cyber detection and response capabilities of a large critical infrastructure organization with multiple geographically separated sites.
The CSA includes key findings that contributed to persistent, undetected access across the organization’s sites:
Some of the recommended actions in this CSA that can help all organizations harden their environment and protect against real-world malicious activity by cyber threat actors include:
The CSA provides other recommended actions and mitigations as well as more technical details that organizations should review.