Incident Score: Analysis & Impact (VER1779209354)

Rankiteo's analysis has identified several MITRE ATT&CK tactics and techniques associated with this incident, each with varying levels of confidence based on available evidence. Under the Initial Access tactic, the analysis identified Exploit Public-Facing Application (T1190) with high confidence (90%), with evidence including exploitation of vulnerabilities (42%), and web application attacks accounted for 95% of breaches, Phishing (T1566) with moderate to high confidence (80%), with evidence including phishing (9%) as leading attack vector, and social engineering accounted for 95% of breaches, and Valid Accounts (T1078) with moderate to high confidence (85%), with evidence including credential abuse (14%) as leading attack vector, and credentials (26%) compromised. Under the Execution tactic, the analysis identified Exploitation for Client Execution (T1203) with moderate to high confidence (70%), supported by evidence indicating exploitation of vulnerabilities (42%) as attack vector. Under the Persistence tactic, the analysis identified Valid Accounts (T1078) with moderate to high confidence (80%), with evidence including credential abuse (14%) as attack vector, and credentials (26%) compromised. Under the Privilege Escalation tactic, the analysis identified Exploitation for Privilege Escalation (T1068) with moderate to high confidence (70%), supported by evidence indicating exploitation of vulnerabilities (42%) as attack vector and Valid Accounts (T1078) with moderate to high confidence (80%), with evidence including credential abuse (14%) as attack vector, and credentials (26%) compromised. Under the Defense Evasion tactic, the analysis identified Valid Accounts (T1078) with moderate to high confidence (80%), with evidence including credential abuse (14%) as attack vector, and external actors (99%) dominated and Exploitation for Defense Evasion (T1211) with moderate to high confidence (70%), supported by evidence indicating exploitation of vulnerabilities (42%) as attack vector. Under the Credential Access tactic, the analysis identified Brute Force (T1110) with moderate to high confidence (70%), supported by evidence indicating credential abuse (14%) as attack vector and Credentials from Password Stores (T1555) with moderate to high confidence (80%), with evidence including credentials (26%) compromised, and secrets (20%) compromised. Under the Discovery tactic, the analysis identified Account Discovery (T1087) with moderate to high confidence (70%), with evidence including internal information (84%) compromised, and system intrusion accounted for breaches. Under the Collection tactic, the analysis identified Data from Local System (T1005) with high confidence (90%), with evidence including internal information (84%) compromised, and 806 breaches involved confirmed data disclosure and Data from Information Repositories (T1213) with moderate to high confidence (80%), with evidence including internal information (84%) compromised, and secrets (20%) compromised. Under the Exfiltration tactic, the analysis identified Exfiltration Over C2 Channel (T1041) with moderate to high confidence (80%), with evidence including 806 breaches involved confirmed data disclosure, and espionage-driven attacks (19%) and Exfiltration Over Web Service (T1567) with moderate to high confidence (70%), supported by evidence indicating web application attacks accounted for 95% of breaches. Under the Impact tactic, the analysis identified Defacement (T1491) with moderate confidence (50%), supported by evidence indicating system intrusion accounted for 95% of breaches. These correlations help security teams understand the attack chain and develop appropriate defensive measures based on the observed tactics and techniques.