<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"Franklin Gothic Book";
        panose-1:2 11 5 3 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
p.xxmsonormal, li.xxmsonormal, div.xxmsonormal
        {mso-style-name:x_x_msonormal;
        margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
p.xxparagraph, li.xxparagraph, div.xxparagraph
        {mso-style-name:x_x_paragraph;
        margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
p.xxmsonospacing, li.xxmsonospacing, div.xxmsonospacing
        {mso-style-name:x_x_msonospacing;
        margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
span.xxcontentpasted0
        {mso-style-name:x_x_contentpasted0;}
span.xxmsohyperlink
        {mso-style-name:x_x_msohyperlink;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">FYSA<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="xxmsonormal" style="background:white"><span class="xxcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">Today,</span></span><span class="xxcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:#1B1B1B"> </span></span><span class="xxcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">the Cybersecurity
 and Infrastructure Security Agency (</span></span><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black"><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">CISA</a><span class="xxcontentpasted0">), National
 Security Agency (</span><a href="https://www.nsa.gov/Cybersecurity/">NSA</a><span class="xxcontentpasted0">), Federal Bureau of Investigation (</span><a href="https://www.ic3.gov/">FBI</a><span class="xxcontentpasted0">), Multi-State Information Sharing &
 Analysis Center (</span><a href="https://www.cisecurity.org/ms-isac">MS-ISAC</a><span class="xxcontentpasted0">), and Israel National Cyber Directorate (</span><a href="https://www.gov.il/he/departments/israel_national_cyber_directorate/govil-landing-page">INCD</a><span class="xxcontentpasted0">)
 published a “</span></span><span style="font-size:12.0pt;color:black"><a href="https://cisa.gov/resources-tools/resources/guide-securing-remote-access-software"><span style="font-family:"Franklin Gothic Book",sans-serif">Guide to Securing Remote Access Software</span></a></span><span class="xxcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">,” which
 provides an overview of common exploitations and associated tactics, techniques, and procedures (TTPs) used by cyber threat actors to exploit the legitimate, beneficial use of this software for easy broad access to victim systems.  </span></span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
<p class="xxmsonormal" style="background:white"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black"> </span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
<p class="xxmsonormal" style="background:white"><span class="xxcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">By leveraging legitimate remote access software, malicious cyber actors are able to undertake
 a type of attack called living off the land (LOTL). This Guide is particularly relevant given demonstrated use of these techniques by advanced adversaries, as reflected in the recent <a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a" title="https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a">joint
 advisory</a> highlighting People’s Republic of China state-sponsored cyber actors using living off the land techniques, including exploitation of remote capabilities, to evade detection.</span></span><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black"> </span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<p class="xxparagraph" style="background:white"><span class="xxcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">Informed by an ongoing public-private planning effort within the </span></span><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black"><a href="https://cisa.gov/jcdc">Joint
 Cyber Defense Collaborative</a><span class="xxcontentpasted0">, this guide includes recommendations to information technology (IT), operational technology (OT) and industrial control systems (ICS) professionals and organizations on best practices for securely
 using remote access software and how to detect and defend against malicious actors abusing remote access products. </span></span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p class="xxparagraph" style="background:white"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black"> </span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p class="xxparagraph" style="background:white"><span class="xxcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:#030303">Managed service providers (MSPs), software-as-a-service (SaaS) providers, IT help desks,
 and other network administrators conduct regular business and remotely perform a number of functions using remote access software, which includes remote administration solutions and remote monitoring and management (RMM).  </span></span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p class="xxparagraph" style="background:white"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:#030303"> </span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p class="xxparagraph" style="background:white"><span class="xxcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:#030303">All organizations are encouraged to implement recommendations, such as user training programs,
 phishing exercises, host-based and network-based controls. Also, specific recommendations are provided for SaaS customers, MSPs, IT administrators, and developers of products with remote access capabilities.    </span></span><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p class="xxmsonormal" style="background:white"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black"> </span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
<p class="xxmsonospacing" style="background:white"><span class="xxcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">For more on CISA’s work to help organizations strengthen their cybersecurity and mitigate
 the risk, visit</span></span><span class="xxmsohyperlink"><u><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:#0563C1"> </span></u></span><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black"><a href="https://cisa.gov/resources-tools/all-resources-tools">CISA.gov</a><span class="xxcontentpasted0">. </span></span><span class="xxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></span></p>
<p class="xxmsonospacing" style="background:white"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt;color:#0563C1">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_2" src="cid:image001.png@01D99864.7B8D0010"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="xxmsonospacing" style="background:white"><o:p> </o:p></p>
</div>
</body>
</html>