Living off the Land (LOTL)

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Israel National Cyber Directorate (INCD) published a “Guide to Securing Remote Access Software,” which provides an overview of common exploitations and associated tactics, techniques, and procedures (TTPs) used by cyber threat actors to exploit the legitimate, beneficial use of this software for easy broad access to victim systems.

By leveraging legitimate remote access software, malicious cyber actors are able to undertake a type of attack called living off the land (LOTL).  This Guide is particularly relevant given demonstrated use of these techniques by advanced adversaries, as reflected in the recent joint advisory highlighting People’s Republic of China state-sponsored cyber actors using living off the land techniques, including exploitation of remote capabilities, to evade detection.

Informed by an ongoing public-private planning effort within the Joint Cyber Defense Collaborative, this guide includes recommendations to information technology (IT), operational technology (OT) and industrial control systems (ICS) professionals and organizations on best practices for securely using remote access software and how to detect and defend against malicious actors abusing remote access products.

Managed service providers (MSPs), software-as-a-service (SaaS) providers, IT help desks, and other network administrators conduct regular business and remotely perform several functions using remote access software, which includes remote administration solutions and remote monitoring and management (RMM).

All organizations are encouraged to implement the guide's recommendations, such as user training programs, phishing exercises, and host-based and network-based controls. Specific recommendations are also provided for SaaS customers, MSPs, IT administrators, and developers of products with remote access capabilities.

Link to full report: Guide_to_Securing_Remote_Access_Software_FINAL_508c_v3.pdf   

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings
