The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC) and Israel National Cyber Directorate (INCD) recently released the Guide to Securing Remote Access Software. This joint guide informs organizations how to detect and defend against malicious actors abusing this software by providing common exploitations and associated tactics, techniques and procedures (TTPs).
While there are beneficial features and legitimate uses of remote access software, malicious actors often exploit these products to evade detection and establish network connections through cloud-hosted infrastructure. By leveraging legitimate remote access software, malicious cyber actors are able to undertake a type of attack called living off the land (LOTL).
Informed by an ongoing public-private planning effort within the Joint Cyber Defense Collaborative, this joint guide provides recommendations to information technology (IT), operational technology (OT) and industrial control systems (ICS) professionals and organizations on best practices for securely using remote access software and how to detect and defend against malicious actors abusing remote access products.