Today, CISA, the FBI, the National Security Agency (NSA), MS-ISAC, and the Israel National Cyber Directorate (INCD) released the Guide to Securing Remote Access Software. This guide is intended to provide an overview of legitimate uses of remote access software; common exploitations and associated tactics, techniques, and procedures (TTPs); and how to detect and defend against malicious actors exploiting this software.
Remote access software provides organizations with a broad array of capabilities to maintain and manage information technology (IT), operational technology (OT), and industrial control system (ICS) services. However, when not deployed securely, this “convenience” provides cyber threat actors multiple exploitation vectors, including initial access, maintaining persistence, deploying additional software and tools, lateral movement, and data exfiltration.
CISA encourages organizations to review this joint guide for recommendations and best practices to implement in alignment with their specific cybersecurity requirements to better detect and defend against exploitation. Additionally, when using remote access software and implementing mitigations, organizations can refer to the additional information on guidance for MSPs and small- and mid-sized businesses and on malicious use of remote monitoring and management software.
To report suspicious or criminal activity related to information found in the guide, contact your local FBI field office, or the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937, or by e-mail at [email protected]. If you have any further questions, or to request incident response resources or technical assistance related to these threats, contact CISA at [email protected]. Access the full guide at CISA.