[CDP-development] CISA Releases Guide to Securing Remote Access Software
Masse, Theresa
theresa.masse at cisa.dhs.gov
Tue Jun 6 10:49:26 PDT 2023
FYSA
Today, the Cybersecurity and Infrastructure Security Agency (CISA<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>), National Security Agency (NSA<https://www.nsa.gov/Cybersecurity/>), Federal Bureau of Investigation (FBI<https://www.ic3.gov/>), Multi-State Information Sharing & Analysis Center (MS-ISAC<https://www.cisecurity.org/ms-isac>), and Israel National Cyber Directorate (INCD<https://www.gov.il/he/departments/israel_national_cyber_directorate/govil-landing-page>) published a "Guide to Securing Remote Access Software<https://cisa.gov/resources-tools/resources/guide-securing-remote-access-software>," which provides an overview of common exploitations and associated tactics, techniques, and procedures (TTPs) used by cyber threat actors to exploit the legitimate, beneficial use of this software for easy broad access to victim systems.
By leveraging legitimate remote access software, malicious cyber actors are able to undertake a type of attack called living off the land (LOTL). This Guide is particularly relevant given demonstrated use of these techniques by advanced adversaries, as reflected in the recent joint advisory<https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a> highlighting People's Republic of China state-sponsored cyber actors using living off the land techniques, including exploitation of remote capabilities, to evade detection.
Informed by an ongoing public-private planning effort within the Joint Cyber Defense Collaborative<https://cisa.gov/jcdc>, this guide includes recommendations to information technology (IT), operational technology (OT) and industrial control systems (ICS) professionals and organizations on best practices for securely using remote access software and how to detect and defend against malicious actors abusing remote access products.
Managed service providers (MSPs), software-as-a-service (SaaS) providers, IT help desks, and other network administrators conduct regular business and remotely perform a number of functions using remote access software, which includes remote administration solutions and remote monitoring and management (RMM).
All organizations are encouraged to implement recommendations, such as user training programs, phishing exercises, and host-based and network-based controls. Also, specific recommendations are provided for SaaS customers, MSPs, IT administrators, and developers of products with remote access capabilities.
For more on CISA's work to help organizations strengthen their cybersecurity and mitigate the risk, visit CISA.gov<https://cisa.gov/resources-tools/all-resources-tools>.
Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>